Commit ffef3d08 authored by Alinga Yeung's avatar Alinga Yeung

Story ac2. Fixed merge conflicts. Simplified code as well.

parents 6f184419 611cf34e
......@@ -70,7 +70,6 @@ package ca.nrc.cadc.ac.server.web.users;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.PrivilegedAction;
import java.util.Set;
import javax.security.auth.Subject;
......@@ -87,14 +86,29 @@ import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.log.ServletLogInfo;
import ca.nrc.cadc.util.StringUtil;
@SuppressWarnings("serial")
/**
* Servlet to handle password changes. Passwords are an integral part of the
* access control system and are handled differently to accommodate stricter
* guidelines.
* <p/>
* This servlet handles POST only. It relies on the Subject being set higher
* up by the AccessControlFilter as configured in the web descriptor.
*/
public class PasswordServlet extends HttpServlet
{
private static final Logger log = Logger.getLogger(PasswordServlet.class);
/**
* Attempt to change password.
*
* @param request The HTTP Request.
* @param response The HTTP Response.
* @throws IOException Any errors that are not expected.
*/
public void doPost(final HttpServletRequest request, final HttpServletResponse response)
public void doPost(final HttpServletRequest request,
final HttpServletResponse response)
throws IOException
{
final long start = System.currentTimeMillis();
......@@ -103,7 +117,8 @@ public class PasswordServlet extends HttpServlet
try
{
final Subject subject = AuthenticationUtil.getSubject(request);
if ((subject == null) || (subject.getPrincipals(HttpPrincipal.class).isEmpty()))
if ((subject == null)
|| (subject.getPrincipals(HttpPrincipal.class).isEmpty()))
{
logInfo.setMessage("Unauthorized subject");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
......@@ -111,24 +126,18 @@ public class PasswordServlet extends HttpServlet
else
{
logInfo.setSubject(subject);
Subject.doAs(subject, new PrivilegedAction<Void>()
{
@Override
public Void run()
{
try
{
final Set<HttpPrincipal> webPrincipals =
subject.getPrincipals(HttpPrincipal.class);
User<HttpPrincipal> user = new User<HttpPrincipal>(webPrincipals.iterator().next());
final User<HttpPrincipal> user =
new User<HttpPrincipal>(webPrincipals.iterator().next());
String oldPassword = request.getParameter("old_password");
String newPassword = request.getParameter("new_password");
if (StringUtil.hasText(oldPassword))
{
if (StringUtil.hasText(newPassword))
{
(new LdapUserPersistence<HttpPrincipal>()).setPassword(user, oldPassword, newPassword);
(new LdapUserPersistence<HttpPrincipal>())
.setPassword(user, oldPassword, newPassword);
}
else
{
......@@ -140,6 +149,7 @@ public class PasswordServlet extends HttpServlet
throw new IllegalArgumentException("Missing old password");
}
}
}
catch (IllegalArgumentException e)
{
log.debug(e.getMessage(), e);
......@@ -160,20 +170,6 @@ public class PasswordServlet extends HttpServlet
logInfo.setMessage(message);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
return null;
}
});
}
}
catch (Throwable t)
{
String message = "Internal Server Error: " + t.getMessage();
log.error(message, t);
logInfo.setSuccess(false);
logInfo.setMessage(message);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
finally
{
logInfo.setElapsedTime(System.currentTimeMillis() - start);
......
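Review bot: The new side of the `else` branch calls `(new LdapUserPersistence<HttpPrincipal>()).setPassword(user, oldPassword, newPassword)` directly, outside the `Subject.doAs(subject, new PrivilegedAction<Void>() {...})` wrapper the removed lines established, so the persistence call no longer runs with the authenticated Subject bound to the access-control context. Identity is still passed explicitly through `user`, which is built from the request's `HttpPrincipal`, but if `LdapUserPersistence` or anything beneath it also derives the caller from `Subject.getSubject(AccessController.getContext())`, that lookup will now see no Subject — the `java.security.AccessControlException` import kept in the first hunk suggests such a path may still exist, so this is worth confirming against `LdapUserPersistence.setPassword`. If the direct call is intended, a comment at the call site such as `// Intentionally outside Subject.doAs: the caller's identity is supplied solely via user, built from the request principal` would record that decision. The `@SuppressWarnings("serial")` placed before the class Javadoc in the second hunk may also detach the doc comment from the declaration for the javadoc tool; moving the annotation to directly precede `public class PasswordServlet` avoids the question. The enclosing `doPost` starts in an earlier hunk and continues past this one.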