Change Password IdentityManager
I am trying to treat a first user access and so when the user logs in for the first time, I want my system to force the user to change his assigned password immediately and as such I want the user to enter the current password. However one way or the other it seems that the system is not working and I dont know why. I am not getting a particular error but when I used the below code, the system told me log in fails when I tried to login for the first time even before I tried to enforce the password change
@Transactional
public void changePwd() { //Change String to void
log.info("Method changePwd() :String");
//String fwd = null; Just commented now
String hashedCurrentPassword = generatePasswordHash(authenticatedUser.getCurrentPasswordHash(), authenticatedUser.getUsername());
authenticatedUser.setCurrentPasswordHash(hashedCurrentPassword);
final IdentityManager identityManager = IdentityManager.instance();
if (!identityManager.authenticate(authenticatedUser.getUsername(), hashedCurrentPassword)) {
FacesMessages.instance().addToControl("oldpassword", Severity.ERROR, "Is not correct. Please try again");
return;
}
new RunAsOperation() {
@Override
public void execute() {
@SuppressWarnings("unused")
String fwd;
if (authenticatedUser.getPasswordHash().equals(authenticatedUser.getPwdMatch())) {
authenticatedUser.setLastSuccessLogin(new java.util.Date());
String hashedPassword = generatePasswordHash(authenticatedUser.getPasswordHash(), authenticatedUser.getUsername()); //Just Added 12-08-2011
log.debug("Setting new hased Password: " + hashedPassword); //Just Added 12-08-2011
authenticatedUser.setPasswordHash(hashedPassword); //Just Added 12-08-2011
entityManager.merge(authenticatedUser);
entityManager.flush();
showMenu = true;
firstAccess = false;
fwd = "home";
} else {
authenticatedUser.setPasswordHash("");
authenticatedUser.setPwdMatch("");
FacesMessages.instance().add(Severity.WARN, "You must change your password on first login.");
showMenu = false;
firstAccess = true;
return;
}
and if I us
}
}.addRole("admin").run();
}
And if I used the below code the system passes me through and enforces the user(s) to change the password but it did not take the current pasword into consideration.
@Transactional
public String changePwd() {
log.info("Method changePwd() :String");
String fwd = null;
if (authenticatedUser.getPasswordHash().equals(authenticatedUser.getPwdMatch())) {
authenticatedUser.setLastSuccessLogin(new java.util.Date());
String hashedPassword = generatePasswordHash(authenticatedUser.getPasswordHash(), authenticatedUser.getUsername()); //Just Added 12-08-2011
log.debug("Setting new hased Password: " + hashedPassword); //Just Added 12-08-2011
authenticatedUser.setPasswordHash(hashedPassword); //Just Added 12-08-2011
entityManager.merge(authenticatedUser);
entityManager.flush();
showMenu = true;
firstAccess = false;
fwd = "home";
} else {
authenticatedUser.setPasswordHash("");
authenticatedUser.setPwdMatch("");
FacesMessages.instance().add(Severity.WARN, "You must change your password on first login.");
showMenu = false;
firstAccess = true;
fwd = null;
}
//return fwd;
return fwd;
}
Meanwhile, I need to verify the current password. I have been wondering if this is implemented in seam. All the post. All the thread that I have seen on this one so far does not have a concluded solution. Can somebody please help us.
Thank you
@Transactional
public void changePwd() { //Change String to void
log.info("Method changePwd() :String");
//String fwd = null; Just commented now
String hashedCurrentPassword = generatePasswordHash(authenticatedUser.getCurrentPasswordHash(), authenticatedUser.getUsername());
authenticatedUser.setCurrentPasswordHash(hashedCurrentPassword);
final IdentityManager identityManager = IdentityManager.instance();
if (!identityManager.authenticate(authenticatedUser.getUsername(), hashedCurrentPassword)) {
FacesMessages.instance().addToControl("oldpassword", Severity.ERROR, "Is not correct. Please try again");
return;
}
new RunAsOperation() {
@Override
public void execute() {
@SuppressWarnings("unused")
String fwd;
if (authenticatedUser.getPasswordHash().equals(authenticatedUser.getPwdMatch())) {
authenticatedUser.setLastSuccessLogin(new java.util.Date());
String hashedPassword = generatePasswordHash(authenticatedUser.getPasswordHash(), authenticatedUser.getUsername()); //Just Added 12-08-2011
log.debug("Setting new hased Password: " + hashedPassword); //Just Added 12-08-2011
authenticatedUser.setPasswordHash(hashedPassword); //Just Added 12-08-2011
entityManager.merge(authenticatedUser);
entityManager.flush();
showMenu = true;
firstAccess = false;
fwd = "home";
} else {
authenticatedUser.setPasswordHash("");
authenticatedUser.setPwdMatch("");
FacesMessages.instance().add(Severity.WARN, "You must change your password on first login.");
showMenu = false;
firstAccess = true;
return;
}
and if I us
}
}.addRole("admin").run();
}
And if I used the below code the system passes me through and enforces the user(s) to change the password but it did not take the current pasword into consideration.
@Transactional
public String changePwd() {
log.info("Method changePwd() :String");
String fwd = null;
if (authenticatedUser.getPasswordHash().equals(authenticatedUser.getPwdMatch())) {
authenticatedUser.setLastSuccessLogin(new java.util.Date());
String hashedPassword = generatePasswordHash(authenticatedUser.getPasswordHash(), authenticatedUser.getUsername()); //Just Added 12-08-2011
log.debug("Setting new hased Password: " + hashedPassword); //Just Added 12-08-2011
authenticatedUser.setPasswordHash(hashedPassword); //Just Added 12-08-2011
entityManager.merge(authenticatedUser);
entityManager.flush();
showMenu = true;
firstAccess = false;
fwd = "home";
} else {
authenticatedUser.setPasswordHash("");
authenticatedUser.setPwdMatch("");
FacesMessages.instance().add(Severity.WARN, "You must change your password on first login.");
showMenu = false;
firstAccess = true;
fwd = null;
}
//return fwd;
return fwd;
}
Meanwhile, I need to verify the current password. I have been wondering if this is implemented in seam. All the post. All the thread that I have seen on this one so far does not have a concluded solution. Can somebody please help us.
Thank you