/**
 * Processes the forced password-change form for the user in the current security context.
 *
 * <p>The account whose password is changed is identified by the authenticated principal's id,
 * not by anything in the request; the request only supplies the new password and its
 * confirmation. If {@link PasswordConfirmationValidation#valid()} is false, or the reset
 * service throws {@link InvalidPasswordException}, the method delegates to
 * {@code handleUnprocessableEntity} and returns its result. Otherwise it clears the
 * requires-password-change flag on the authentication, sets its authenticated time to the
 * current time, and returns the redirect to the completion page.
 *
 * <p>The password itself is never logged here; the debug lines carry only the e-mail,
 * user name and zone id.
 *
 * @param model                view model, passed through to {@code handleUnprocessableEntity}
 * @param password             value of the {@code password} request parameter
 * @param passwordConfirmation value of the {@code password_confirmation} request parameter
 * @param response             servlet response, passed through to {@code handleUnprocessableEntity}
 * @return the view name from {@code handleUnprocessableEntity} on failure, else
 *         {@code "redirect:/force_password_change_completed"}
 * @throws IOException declared on the signature; no visible statement throws it directly,
 *         presumably it comes from {@code handleUnprocessableEntity} (confirm)
 */
@RequestMapping(value="/force_password_change", method = POST)
public String handleForcePasswordChange(Model model,
                                        @RequestParam("password") String password,
                                        @RequestParam("password_confirmation") String passwordConfirmation,
                                        HttpServletResponse response) throws IOException {
    // NOTE(review): the cast assumes the context always holds a UaaAuthentication at this
    // endpoint; a null or different Authentication would fail here with an exception.
    // Presumably an upstream filter guarantees it; confirm.
    Object currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
    UaaAuthentication auth = (UaaAuthentication) currentAuthentication;
    UaaPrincipal user = auth.getPrincipal();
    String email = user.getEmail();

    boolean confirmationAccepted =
        new PasswordConfirmationValidation(email, password, passwordConfirmation).valid();
    if (!confirmationAccepted) {
        // NOTE(review): getProperty(...) is dereferenced without a null check, so a missing
        // "force_password_change.form_error" key would surface as a NullPointerException.
        String formError =
            resourcePropertySource.getProperty("force_password_change.form_error").toString();
        return handleUnprocessableEntity(model, response, email, formError);
    }

    // NOTE(review): the e-mail is concatenated into the log line as-is. If account
    // identifiers can contain line breaks, neutralise them before logging; verify against
    // the account-creation validation and the log encoder in use.
    logger.debug("Processing handleForcePasswordChange for user: "+ email);

    try {
        // The target account comes from the authenticated principal, so the form cannot
        // name another user.
        resetPasswordService.resetUserPassword(user.getId(), password);
    } catch (InvalidPasswordException rejected) {
        // The reset service's own messages are shown back to the user on the form.
        return handleUnprocessableEntity(model, response, email, rejected.getMessagesAsOneString());
    }

    String successLine = String.format(
        "Successful password change for username:%s in zone:%s ",
        user.getName(),
        IdentityZoneHolder.get().getId());
    logger.debug(successLine);

    // Mark the existing authentication as no longer needing a password change and stamp it
    // with the time of this change.
    // NOTE(review): nothing in this method rotates the session identifier or ends the
    // user's other sessions after the credential change; confirm that is handled elsewhere.
    auth.setRequiresPasswordChange(false);
    auth.setAuthenticatedTime(System.currentTimeMillis());

    return "redirect:/force_password_change_completed";
}