Commit f7b8e184 authored by Alinga Yeung's avatar Alinga Yeung

Story ac2. Updated Password servlet as per Brian's code review comments.

parent 2ab9e92b
......@@ -97,12 +97,21 @@ public class PasswordServlet extends HttpServlet
public void doPost(final HttpServletRequest request, final HttpServletResponse response)
throws IOException
{
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
final long start = System.currentTimeMillis();
final ServletLogInfo logInfo = new ServletLogInfo(request);
log.info(logInfo.start());
try
{
final Subject subject = AuthenticationUtil.getSubject(request);
if ((subject == null) || (subject.getPrincipals(HttpPrincipal.class).isEmpty()))
{
logInfo.setMessage("Missing subject");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
else
{
logInfo.setSubject(subject);
Subject.doAs(subject, new PrivilegedAction<Void>()
{
@Override
......@@ -110,17 +119,11 @@ public class PasswordServlet extends HttpServlet
{
try
{
response.setStatus(HttpServletResponse.SC_OK);
final Set<HttpPrincipal> webPrincipals =
subject.getPrincipals(HttpPrincipal.class);
if (webPrincipals.isEmpty())
{
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
else
{
User<HttpPrincipal> user = new User<HttpPrincipal>(webPrincipals.toArray(
new HttpPrincipal[1])[0]);
User<HttpPrincipal> user = new User<HttpPrincipal>(webPrincipals.iterator().next());
String oldPassword = request.getParameter("old_password");
String newPassword = request.getParameter("new_password");
if (StringUtil.hasText(oldPassword))
......@@ -139,18 +142,31 @@ public class PasswordServlet extends HttpServlet
throw new IllegalArgumentException("Missing old password");
}
}
}
catch (IllegalArgumentException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
response.setStatus(400);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
catch (AccessControlException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
response.setStatus(401);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
catch (Throwable t)
{
String message = "Internal Server Error: " + t.getMessage();
log.error(message, t);
logInfo.setSuccess(false);
logInfo.setMessage(message);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
return null;
}
});
}
}
catch (Throwable t)
{
......@@ -158,16 +174,11 @@ public class PasswordServlet extends HttpServlet
log.error(message, t);
logInfo.setSuccess(false);
logInfo.setMessage(message);
response.setStatus(500);
}
finally
{
logInfo.setElapsedTime(System.currentTimeMillis() - start);
log.info(logInfo.end());
}
return null;
}
});
}
}
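Review bot: The rejection paths in `doPost` (the new "Missing subject" branch, `catch (IllegalArgumentException e)` and `catch (AccessControlException e)`) set a message and a 4xx status but never call `logInfo.setSuccess(false);`, which only the `catch (Throwable t)` branches do. If `ServletLogInfo` defaults to success (its definition is not visible here), a refused password change would be recorded as successful in the `log.info(logInfo.end())` line. The exception itself is logged only through `log.debug`, so repeated failed attempts against one account would be hard to spot in production logs. I would add `logInfo.setSuccess(false);` to those branches and log the `AccessControlException` case at a level that is retained. It is also worth confirming that `ServletLogInfo` does not record request parameters, since `old_password` and `new_password` arrive through `request.getParameter`.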