Commit ffef3d08 authored by Alinga Yeung's avatar Alinga Yeung

Story ac2. Fixed merge conflicts. Simplified code as well.

parents 6f184419 611cf34e
...@@ -70,7 +70,6 @@ package ca.nrc.cadc.ac.server.web.users; ...@@ -70,7 +70,6 @@ package ca.nrc.cadc.ac.server.web.users;
import java.io.IOException; import java.io.IOException;
import java.security.AccessControlException; import java.security.AccessControlException;
import java.security.PrivilegedAction;
import java.util.Set; import java.util.Set;
import javax.security.auth.Subject; import javax.security.auth.Subject;
...@@ -87,14 +86,29 @@ import ca.nrc.cadc.auth.HttpPrincipal; ...@@ -87,14 +86,29 @@ import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.log.ServletLogInfo; import ca.nrc.cadc.log.ServletLogInfo;
import ca.nrc.cadc.util.StringUtil; import ca.nrc.cadc.util.StringUtil;
@SuppressWarnings("serial")
/**
* Servlet to handle password changes. Passwords are an integral part of the
* access control system and are handled differently to accommodate stricter
* guidelines.
* <p/>
* This servlet handles POST only. It relies on the Subject being set higher
* up by the AccessControlFilter as configured in the web descriptor.
*/
public class PasswordServlet extends HttpServlet public class PasswordServlet extends HttpServlet
{ {
private static final Logger log = Logger.getLogger(PasswordServlet.class); private static final Logger log = Logger.getLogger(PasswordServlet.class);
/** /**
* Attempt to change password. * Attempt to change password.
*
* @param request The HTTP Request.
* @param response The HTTP Response.
* @throws IOException Any errors that are not expected.
*/ */
public void doPost(final HttpServletRequest request, final HttpServletResponse response) public void doPost(final HttpServletRequest request,
final HttpServletResponse response)
throws IOException throws IOException
{ {
final long start = System.currentTimeMillis(); final long start = System.currentTimeMillis();
...@@ -103,7 +117,8 @@ public class PasswordServlet extends HttpServlet ...@@ -103,7 +117,8 @@ public class PasswordServlet extends HttpServlet
try try
{ {
final Subject subject = AuthenticationUtil.getSubject(request); final Subject subject = AuthenticationUtil.getSubject(request);
if ((subject == null) || (subject.getPrincipals(HttpPrincipal.class).isEmpty())) if ((subject == null)
|| (subject.getPrincipals(HttpPrincipal.class).isEmpty()))
{ {
logInfo.setMessage("Unauthorized subject"); logInfo.setMessage("Unauthorized subject");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
...@@ -111,24 +126,18 @@ public class PasswordServlet extends HttpServlet ...@@ -111,24 +126,18 @@ public class PasswordServlet extends HttpServlet
else else
{ {
logInfo.setSubject(subject); logInfo.setSubject(subject);
Subject.doAs(subject, new PrivilegedAction<Void>()
{
@Override
public Void run()
{
try
{
final Set<HttpPrincipal> webPrincipals = final Set<HttpPrincipal> webPrincipals =
subject.getPrincipals(HttpPrincipal.class); subject.getPrincipals(HttpPrincipal.class);
final User<HttpPrincipal> user =
User<HttpPrincipal> user = new User<HttpPrincipal>(webPrincipals.iterator().next()); new User<HttpPrincipal>(webPrincipals.iterator().next());
String oldPassword = request.getParameter("old_password"); String oldPassword = request.getParameter("old_password");
String newPassword = request.getParameter("new_password"); String newPassword = request.getParameter("new_password");
if (StringUtil.hasText(oldPassword)) if (StringUtil.hasText(oldPassword))
{ {
if (StringUtil.hasText(newPassword)) if (StringUtil.hasText(newPassword))
{ {
(new LdapUserPersistence<HttpPrincipal>()).setPassword(user, oldPassword, newPassword); (new LdapUserPersistence<HttpPrincipal>())
.setPassword(user, oldPassword, newPassword);
} }
else else
{ {
...@@ -140,6 +149,7 @@ public class PasswordServlet extends HttpServlet ...@@ -140,6 +149,7 @@ public class PasswordServlet extends HttpServlet
throw new IllegalArgumentException("Missing old password"); throw new IllegalArgumentException("Missing old password");
} }
} }
}
catch (IllegalArgumentException e) catch (IllegalArgumentException e)
{ {
log.debug(e.getMessage(), e); log.debug(e.getMessage(), e);
...@@ -160,20 +170,6 @@ public class PasswordServlet extends HttpServlet ...@@ -160,20 +170,6 @@ public class PasswordServlet extends HttpServlet
logInfo.setMessage(message); logInfo.setMessage(message);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} }
return null;
}
});
}
}
catch (Throwable t)
{
String message = "Internal Server Error: " + t.getMessage();
log.error(message, t);
logInfo.setSuccess(false);
logInfo.setMessage(message);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
finally finally
{ {
logInfo.setElapsedTime(System.currentTimeMillis() - start); logInfo.setElapsedTime(System.currentTimeMillis() - start);
......
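Review bot: Removing the `Subject.doAs(subject, …)` wrapper means `setPassword` now executes without the caller's Subject bound to the AccessControlContext, and whether that is safe depends on `LdapUserPersistence`, which is not in this diff: if it, or anything beneath it, resolves the acting principal via `Subject.getSubject(AccessController.getContext())` rather than from the `user` argument, this "simplification" silently drops the authorization context instead of being a no-op. I would confirm that before merging and, if it is a no-op, record why next to the call, e.g. `// Runs outside Subject.doAs on purpose: setPassword relies only on the user/oldPassword arguments, not the JAAS context`. The restructuring also deletes the outer `catch (Throwable t)` (log + 500), so the catch clauses of the former inner try now guard the whole body including `AuthenticationUtil.getSubject(request)`; if those clauses do not end in a catch-all (the hunk from line 149 is collapsed), an unexpected exception would now escape to the container with `logInfo` never marked failed. The doPost body continues outside the visible hunks.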