File Source: changepasswordaction.java
/*
P/P * Method: net.sourceforge.pebble.web.action.ChangePasswordAction__static_init
*
* Postconditions:
* init'ed(log)
*/
1 /*
2 * Copyright (c) 2003-2006, Simon Brown
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * - Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * - Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * - Neither the name of Pebble nor the names of its contributors may
17 * be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32 package net.sourceforge.pebble.web.action;
33
34 import net.sourceforge.pebble.Constants;
35 import net.sourceforge.pebble.PebbleContext;
36 import net.sourceforge.pebble.security.PebbleUserDetails;
37 import net.sourceforge.pebble.security.SecurityRealm;
38 import net.sourceforge.pebble.security.SecurityRealmException;
39 import net.sourceforge.pebble.util.SecurityUtils;
40 import net.sourceforge.pebble.web.security.RequireSecurityToken;
41 import net.sourceforge.pebble.web.validation.ValidationContext;
42 import net.sourceforge.pebble.web.view.ForbiddenView;
43 import net.sourceforge.pebble.web.view.View;
44 import net.sourceforge.pebble.web.view.impl.ChangePasswordView;
45 import net.sourceforge.pebble.web.view.impl.PasswordChangedView;
46 import org.apache.commons.logging.Log;
47 import org.apache.commons.logging.LogFactory;
48
/*
P/P * Method: void net.sourceforge.pebble.web.action.ChangePasswordAction()
*/
49 import javax.servlet.ServletException;
50 import javax.servlet.http.HttpServletRequest;
51 import javax.servlet.http.HttpServletResponse;
52
53 /**
54 * Changes the user's password.
55 *
56 * @author Simon Brown
57 */
58 @RequireSecurityToken
59 public class ChangePasswordAction extends SecureAction {
60
61 /** the log used by this class */
62 private static final Log log = LogFactory.getLog(ChangePasswordAction.class);
63
64 /**
65 * Peforms the processing associated with this action.
66 *
67 * @param request the HttpServletRequest instance
68 * @param response the HttpServletResponse instance
69 * @return the name of the next view
70 */
71 public View process(HttpServletRequest request, HttpServletResponse response) throws ServletException {
72 try {
/*
P/P * Method: View process(HttpServletRequest, HttpServletResponse)
*
* Preconditions:
* net.sourceforge.pebble.PebbleContext__static_init.new PebbleContext(PebbleContext__static_init#1).configuration != null
* request != null
* (soft) this.model != null
* (soft) this.model.data != null
*
* Presumptions:
* java.io.File:exists(...)@103 == 1
* java.util.Iterator:hasNext(...)@126 == 0
* net.sourceforge.pebble.Configuration:getSecurityRealm(...)@73 != null
* realm.configuration@73 != null
* realm.passwordEncoder@73 != null
* ...
*
* Postconditions:
* return_value in Addr_Set{&new ChangePasswordView(process#5),&new PasswordChangedView(process#4),&new ChangePasswordView(process#2),&new ForbiddenView(process#1)}
* new ChangePasswordView(process#2) num objects <= 1
* new ChangePasswordView(process#5) num objects <= 1
* new ForbiddenView(process#1) num objects <= 1
* new PasswordChangedView(process#4) num objects <= 1
*
* Test Vectors:
* currentUserDetails.detailsUpdateable: {1}, {0}
* java.lang.String:equals(...)@92: {1}, {0}
* java.lang.String:length(...)@84: {1..232-1}, {0}
* java.lang.String:length(...)@90: {1..232-1}, {0}
* javax.servlet.http.HttpServletRequest:getParameter(...)@75: Addr_Set{null}, Inverse{null}
* javax.servlet.http.HttpServletRequest:getParameter(...)@77: Addr_Set{null}, Inverse{null}
*/
73 SecurityRealm realm = PebbleContext.getInstance().getConfiguration().getSecurityRealm();
74 PebbleUserDetails currentUserDetails = SecurityUtils.getUserDetails();
75 String password1 = request.getParameter("password1");
76 String password2 = request.getParameter("password2");
77 String submit = request.getParameter("submit");
78
79 // can the user change their user details?
+ 80 if (!currentUserDetails.isDetailsUpdateable()) {
81 return new ForbiddenView();
82 }
83
84 if (submit == null || submit.length() == 0) {
85 return new ChangePasswordView();
86 }
87
88 ValidationContext validationContext = new ValidationContext();
89
90 if (password1 == null || password1.length() == 0) {
91 validationContext.addError("Password can not be empty");
92 } else if (!password1.equals(password2)) {
93 validationContext.addError("Passwords do not match");
94 }
95
96 if (!validationContext.hasErrors()) {
97 realm.changePassword(currentUserDetails.getUsername(), password1);
98
99 return new PasswordChangedView();
100 }
101
102 getModel().put("validationContext", validationContext);
103 return new ChangePasswordView();
104 } catch (SecurityRealmException e) {
105 throw new ServletException(e);
106 }
107 }
108
109 /**
110 * Gets a list of all roles that are allowed to access this action.
111 *
112 * @return an array of Strings representing role names
113 * @param request
114 */
115 public String[] getRoles(HttpServletRequest request) {
/*
P/P * Method: String[] getRoles(HttpServletRequest)
*
* Presumptions:
* init'ed(net.sourceforge.pebble.Constants.ANY_ROLE)
*
* Postconditions:
* return_value == &new String[](getRoles#1)
* new String[](getRoles#1) num objects == 1
* return_value.length == 1
* return_value[0] == net.sourceforge.pebble.Constants.ANY_ROLE
* (soft) init'ed(return_value[0])
*/
116 return new String[]{Constants.ANY_ROLE};
117 }
118
119 }
SofCheck Inspector Build Version : 2.22510
| changepasswordaction.java |
2010-Jun-25 19:40:34 |
| changepasswordaction.class |
2010-Jul-19 20:23:38 |