projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/PasswordServlet.java +79 −68 @@ -97,12 +97,21 @@ public class PasswordServlet extends HttpServlet public void doPost(final HttpServletRequest request, final HttpServletResponse response) throws IOException { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); final long start = System.currentTimeMillis(); final ServletLogInfo logInfo = new ServletLogInfo(request); log.info(logInfo.start()); try { final Subject subject = AuthenticationUtil.getSubject(request); if ((subject == null) || (subject.getPrincipals(HttpPrincipal.class).isEmpty())) { logInfo.setMessage("Missing subject"); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); } else { logInfo.setSubject(subject); Subject.doAs(subject, new PrivilegedAction<Void>() { @Override @@ -110,17 +119,11 @@ public class PasswordServlet extends HttpServlet { try { response.setStatus(HttpServletResponse.SC_OK); final Set<HttpPrincipal> webPrincipals = subject.getPrincipals(HttpPrincipal.class); if (webPrincipals.isEmpty()) { response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); } else { User<HttpPrincipal> user = new User<HttpPrincipal>(webPrincipals.toArray( new HttpPrincipal[1])[0]); User<HttpPrincipal> user = new User<HttpPrincipal>(webPrincipals.iterator().next()); String oldPassword = request.getParameter("old_password"); String newPassword = request.getParameter("new_password"); if (StringUtil.hasText(oldPassword))
@@ -139,18 +142,31 @@ public class PasswordServlet extends HttpServlet throw new IllegalArgumentException("Missing old password"); } } } catch (IllegalArgumentException e) { log.debug(e.getMessage(), e); logInfo.setMessage(e.getMessage()); response.setStatus(400); response.setStatus(HttpServletResponse.SC_BAD_REQUEST); } catch (AccessControlException e) { log.debug(e.getMessage(), e); logInfo.setMessage(e.getMessage()); response.setStatus(401); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); } catch (Throwable t) { String message = "Internal Server Error: " + t.getMessage(); log.error(message, t); logInfo.setSuccess(false); logInfo.setMessage(message); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } return null; } }); } } catch (Throwable t) { @@ -158,16 +174,11 @@ public class PasswordServlet extends HttpServlet log.error(message, t); logInfo.setSuccess(false); logInfo.setMessage(message); response.setStatus(500); } finally { logInfo.setElapsedTime(System.currentTimeMillis() - start); log.info(logInfo.end()); } return null; } }); } }
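Review bot: `request.getParameter("old_password")` and `request.getParameter("new_password")` in the first hunk read the query string as well as the posted form body, so this endpoint will accept a password change whose credentials sit in the URL, where access logs, proxies and browser history commonly record them. Rejecting such a request before the parameters are read keeps the passwords in the body, e.g. `if (request.getQueryString() != null) { throw new IllegalArgumentException("Passwords must be sent in the request body"); }`, which the existing `IllegalArgumentException` branch already turns into a 400; this assumes the endpoint takes no other query parameters. Whether `ServletLogInfo` itself records the query string is not visible here and is worth confirming. The code between the two hunks, where the password is actually changed, is not shown, so this covers only the parameter handling that is visible.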
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/PasswordServlet.java +79 −68 @@ -97,12 +97,21 @@ public class PasswordServlet extends HttpServlet public void doPost(final HttpServletRequest request, final HttpServletResponse response) throws IOException { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); final long start = System.currentTimeMillis(); final ServletLogInfo logInfo = new ServletLogInfo(request); log.info(logInfo.start()); try { final Subject subject = AuthenticationUtil.getSubject(request); if ((subject == null) || (subject.getPrincipals(HttpPrincipal.class).isEmpty())) { logInfo.setMessage("Missing subject"); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); } else { logInfo.setSubject(subject); Subject.doAs(subject, new PrivilegedAction<Void>() { @Override @@ -110,17 +119,11 @@ public class PasswordServlet extends HttpServlet { try { response.setStatus(HttpServletResponse.SC_OK); final Set<HttpPrincipal> webPrincipals = subject.getPrincipals(HttpPrincipal.class); if (webPrincipals.isEmpty()) { response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); } else { User<HttpPrincipal> user = new User<HttpPrincipal>(webPrincipals.toArray( new HttpPrincipal[1])[0]); User<HttpPrincipal> user = new User<HttpPrincipal>(webPrincipals.iterator().next()); String oldPassword = request.getParameter("old_password"); String newPassword = request.getParameter("new_password"); if (StringUtil.hasText(oldPassword))
@@ -139,18 +142,31 @@ public class PasswordServlet extends HttpServlet throw new IllegalArgumentException("Missing old password"); } } } catch (IllegalArgumentException e) { log.debug(e.getMessage(), e); logInfo.setMessage(e.getMessage()); response.setStatus(400); response.setStatus(HttpServletResponse.SC_BAD_REQUEST); } catch (AccessControlException e) { log.debug(e.getMessage(), e); logInfo.setMessage(e.getMessage()); response.setStatus(401); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); } catch (Throwable t) { String message = "Internal Server Error: " + t.getMessage(); log.error(message, t); logInfo.setSuccess(false); logInfo.setMessage(message); response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } return null; } }); } } catch (Throwable t) { @@ -158,16 +174,11 @@ public class PasswordServlet extends HttpServlet log.error(message, t); logInfo.setSuccess(false); logInfo.setMessage(message); response.setStatus(500); } finally { logInfo.setElapsedTime(System.currentTimeMillis() - start); log.info(logInfo.end()); } return null; } }); } }