

1 /*
2  * SSL-Explorer
3  *
4  * Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2 of
9  * the License, or (at your option) any later version.
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public
16  * License along with this program; if not, write to the Free Software
17  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18  */

19             
20 package com.sslexplorer.security.forms;
21
22 import java.util.regex.Pattern JavaDoc;
23
24 import javax.servlet.http.HttpServletRequest JavaDoc;
25 import javax.servlet.http.HttpSession JavaDoc;
26
27 import org.apache.struts.Globals;
28 import org.apache.struts.action.ActionErrors;
29 import org.apache.struts.action.ActionMapping;
30 import org.apache.struts.action.ActionMessage;
31
32 import com.sslexplorer.core.forms.CoreForm;
33 import com.sslexplorer.properties.Property;
34 import com.sslexplorer.properties.impl.realms.RealmKey;
35 import com.sslexplorer.security.User;
36 import com.sslexplorer.security.UserDatabaseException;
37
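/**
 * Form for setting a user's password, with the option of forcing the user to
 * change that password at logon.
 * <p>
 * The form can be submitted directly, in which case the entered password is
 * validated here, or it can be resumed after a redirect, in which case the
 * password is restored from the HTTP session (see {@link #SAVED_PASSWORD}).
 *
 * @author James D Robinson <a HREF="mailto:james@3sp.com">&lt;james@3sp.com&gt;</a>
 */
public class SetPasswordForm extends CoreForm {

    private static final long serialVersionUID = -4783370317292273239L;

    /**
     * Session attribute under which the password to set is parked while the
     * request is redirected for further authentication. An example of this is
     * a user logging in via PIN authentication and then trying to create a
     * user: the logged on user has to enter their session password to gain
     * access, and the resulting redirects reset this form.
     * <p>
     * NOTE(review): the value stored under this key is the new password in
     * clear text. The code that stores it is not in this class; confirm that
     * it validates the password before storing it, and that sessions holding
     * it are not persisted or replicated in readable form.
     */
    public static final String SAVED_PASSWORD = "setPassword.saved.password";

    /**
     * Session attribute holding the "force change at logon" flag that goes
     * with {@link #SAVED_PASSWORD}; it exists for the same redirect reason.
     */
    public static final String SAVED_FORCE_PASSWORD_CHANGE = "setPassword.saved.forceChange";

    private String newPassword;
    private String confirmPassword;
    private User user;
    private boolean forceChangePasswordAtLogon;

    /**
     * Binds the form to the user whose password is being set.
     *
     * @param user user whose realm is used to look up the password policy
     */
    public void initialize(User user) {
        this.user = user;
    }

    /**
     * @return {@code true} if the user must change the password at logon
     */
    public boolean getForceChangePasswordAtLogon() {
        return forceChangePasswordAtLogon;
    }

    /**
     * @param forceChangePasswordAtLogon whether the user must change the
     *        password at logon
     */
    public void setForceChangePasswordAtLogon(boolean forceChangePasswordAtLogon) {
        this.forceChangePasswordAtLogon = forceChangePasswordAtLogon;
    }

    /**
     * @return the new password as entered, or as restored from the session
     */
    public String getNewPassword() {
        return newPassword;
    }

    /**
     * @return the confirmation copy of the new password
     */
    public String getConfirmPassword() {
        return confirmPassword;
    }

    /**
     * @param newPassword the new password
     */
    public void setNewPassword(String newPassword) {
        this.newPassword = newPassword;
    }

    /**
     * @param confirmPassword the confirmation copy of the new password
     */
    public void setConfirmPassword(String confirmPassword) {
        this.confirmPassword = confirmPassword;
    }

    /**
     * Clears both password fields and the force-change flag so that values
     * from an earlier submission are not carried into the next one.
     *
     * @see org.apache.struts.action.ActionForm#reset(org.apache.struts.action.ActionMapping,
     *      javax.servlet.http.HttpServletRequest)
     */
    public void reset(ActionMapping mapping, HttpServletRequest request) {
        newPassword = "";
        confirmPassword = "";
        forceChangePasswordAtLogon = false;
    }

    /**
     * Validates the form when the request's {@code action} parameter is
     * {@code "commit"}; any other action is not validated.
     * <p>
     * If the session holds no {@link #SAVED_PASSWORD}, the submitted fields
     * are checked by the private {@code validate()}. Otherwise the password
     * and force-change flag are restored from the session, both attributes are
     * removed so the clear-text password does not linger, and no errors are
     * reported.
     * <p>
     * NOTE(review): the restored password is accepted without the emptiness,
     * confirmation or policy checks being run here. Presumably it was
     * validated before it was stored; confirm that in the code that sets the
     * session attribute.
     *
     * @return the validation errors, or {@code null} when nothing was
     *         validated or the values were restored from the session
     * @see org.apache.struts.action.ActionForm#validate(org.apache.struts.action.ActionMapping,
     *      javax.servlet.http.HttpServletRequest)
     */
    public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {
        if (!"commit".equals(request.getParameter("action"))) {
            return null;
        }
        HttpSession session = request.getSession();
        String passwordToSet = (String) session.getAttribute(SAVED_PASSWORD);
        if (passwordToSet == null) {
            return validate();
        }
        newPassword = passwordToSet;
        confirmPassword = passwordToSet;
        // The flag attribute may be absent even though the password is present.
        // Unboxing a null Boolean would throw, so a missing flag means "false".
        forceChangePasswordAtLogon = Boolean.TRUE.equals(session.getAttribute(SAVED_FORCE_PASSWORD_CHANGE));
        session.removeAttribute(SAVED_PASSWORD);
        session.removeAttribute(SAVED_FORCE_PASSWORD_CHANGE);
        return null;
    }

    /**
     * Checks the submitted fields: the new password must be non-empty, must
     * equal the confirmation, and must fully match the regular expression
     * stored in the {@code security.password.pattern} property of the user's
     * realm.
     * <p>
     * Any failure while evaluating the policy (no user set, unreadable
     * property, malformed pattern) is reported as a validation error, so a
     * broken policy rejects the password rather than letting it through.
     *
     * @return the collected errors; empty when the password is acceptable
     */
    private ActionErrors validate() {
        ActionErrors errors = new ActionErrors();
        try {
            String candidate = getNewPassword();
            // A null password is reported as "no new password" instead of
            // surfacing as a NullPointerException with an empty message.
            if (candidate == null || candidate.length() == 0) {
                errors.add(Globals.ERROR_KEY, new ActionMessage("setPassword.error.noNewPassword"));
            } else if (!candidate.equals(getConfirmPassword())) {
                errors.add(Globals.ERROR_KEY, new ActionMessage("setPassword.error.newAndConfirmPasswordsDontMatch"));
            } else {
                // Check that the password matches the current policy; if not,
                // request a new one.
                try {
                    String pattern = Property.getProperty(new RealmKey("security.password.pattern", getUser().getRealm().getResourceId()));
                    Pattern p = Pattern.compile(pattern);
                    if (!p.matcher(candidate).matches()) {
                        errors.add(Globals.ERROR_KEY, new ActionMessage("setPassword.error.doesNotMatchPolicy"));
                    }
                } catch (Exception e) {
                    throw new UserDatabaseException("Could not check password against current policy.", e);
                }
            }
        } catch (Exception e) {
            // NOTE(review): the exception message is passed to the page as a
            // message argument; keep such messages free of internal detail.
            errors.add(Globals.ERROR_KEY, new ActionMessage("setPassword.error.validateFailed", e.getMessage()));
        }
        return errors;
    }

    /**
     * @return the user whose password is being set, or {@code null} if
     *         {@link #initialize(User)} has not been called
     */
    public User getUser() {
        return user;
    }
}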