0 Replies Latest reply on Nov 12, 2003 7:02 AM by Per Steffensen

    Change password on logged in user

    Per Steffensen Newbie

      Hi

      I'm using the JBoss 3.2.1 / Tomcat 4.1.24 bundle. I'm using container-managed security and form-based login. It all works fine.

      I want the logged-in user to be able to change his password, and continue being logged in.

      I have read a lot of postings in the JBoss forums about the topic and have ended up with the following code to run when the user wants to change the password.

      -------------- code start --------------------------------
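      // Imports needed by this fragment (JMX plus the JBoss security classes)
      import java.security.Principal;
      import javax.management.MBeanServer;
      import javax.management.MBeanServerFactory;
      import javax.management.ObjectName;
      import org.jboss.security.SecurityAssociation;

      // Locate the single MBeanServer running in this VM
      java.util.ArrayList servers = MBeanServerFactory.findMBeanServer(null);
      if (servers.size() != 1) {
          System.out.println("Not exactly one server found");
          return;
      }
      MBeanServer server = (MBeanServer) servers.get(0);
      Principal userPrincipal = new org.jboss.security.SimplePrincipal(username);
      // Arguments and signature for the flush call: security domain name, then the user's principal
      Object[] params = {"MySqlResSysRealm", userPrincipal};
      String[] signature = {"java.lang.String", "java.security.Principal"};
      try {
          // Ask the JaasSecurityManager service to drop this user's cached authentication
          ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
          server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
      } catch (Exception e) {
          System.out.println("Error flushing");
      }

      // Set the principal and the NEW password on SecurityAssociation
      SecurityAssociation.setPrincipal(userPrincipal);
      SecurityAssociation.setCredential(password.toCharArray());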
      ------------------ code end ------------------------

      username is the username of the logged-in user, password is the NEW password that he wants, MySqlResSysRealm is the name of the "application-policy" in login-conf.xml, that both the Web and EJB container authenticate and authorise against.

      It does not work. The user will not be able to do all the things he could before. The user gets "java.lang.SecurityException: Authentication exception" when he tries to access secured things. Why? What can I do?

      ------------- extra info start ---------------------------
      I have also tried to log out and re-login the user programmatically, by calling the following code (it is in a Struts action - therefore the ActionForward) after the code above:

      session.invalidate();
      return new ActionForward("popup/user.jsp?useraction=login&username=" + username + "&password=" + password, true);

      user.jsp logs in the user by forwarding to a secure page and using the parameters username and password automatically on the login page.

      Logging out and relogging in the user after the password change does not make it work either.
      --------- extra info end --------------------------------

      Please help me!

      Thanx