passwordmodificationcontroller.java

一个很好的开源项目管理系统源代码

package net.java.workeffort.webapp.action;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import net.java.workeffort.infrastructure.encrypt.IPasswordEncrypter;
import net.java.workeffort.infrastructure.encrypt.Md5PasswordEncrypter;
import net.java.workeffort.service.ISecurityService;
import net.java.workeffort.service.domain.PasswordModification;
import net.java.workeffort.service.support.NoParentRowFkException;
import net.java.workeffort.webapp.support.InvalidSynchronizerTokenException;

import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;

/**
 * User password modification controller. Can change a password (the users can
 * change their own password) or reset a password(Done by admin person). Note
 * that the passwords saved in the database are encrypted
 * @see Md5PasswordEncrypter
 * @author Antony Joseph
 */
public class PasswordModificationController extends BaseFormController {
    private ISecurityService service;

    protected void init() {
        super.init();
        service = (ISecurityService) getWebApplicationContext().getBean(
                "securityService");
        setFormView(".passwordModification");
        setCommandClass(PasswordModification.class);
    }

    protected Object formBackingObject(HttpServletRequest request)
            throws Exception {
        if (logger.isInfoEnabled())
            logger.info("formBackingObject() invoked.");
        String dispatch = request.getParameter("dispatch");
        if (dispatch != null && dispatch.length() > 0)
            return super.formBackingObject(request);
        else {
            saveToken(request);
            return super.formBackingObject(request);
        }
    }

    protected ModelAndView processFormSubmission(HttpServletRequest request,
            HttpServletResponse response, Object command, BindException errors)
            throws Exception {
        if (!isTokenValid(request)) {
            clearToken(request);
            throw new InvalidSynchronizerTokenException(
                    "Invalid token. dispatch="
                            + request.getParameter("dispatch"));
        }
        return super.processFormSubmission(request, response, command, errors);
    }

    protected ModelAndView onSubmit(HttpServletRequest request,
            HttpServletResponse response, Object command, BindException errors)
            throws Exception {
        if (logger.isInfoEnabled())
            logger.info("onSubmit() invoked.");

        if ("submitPasswordChange".equals(request.getParameter("dispatch"))) {
            return submitPasswordChange(request, response, command, errors);
        }
        else if ("submitPasswordReset".equals(request.getParameter("dispatch"))) {
            return submitPasswordReset(request, response, command, errors);
        }
        else
            throw new RuntimeException("invalid dispatch:"
                    + request.getParameter("dispatch"));
    }

    protected ModelAndView submitPasswordChange(HttpServletRequest request,
            HttpServletResponse response, Object command, BindException errors)
            throws Exception {
        try {
            PasswordModification obj = (PasswordModification) command;
            if (!obj.getPassword1().equals(obj.getPassword2())) {
                errors.reject("password.conflict");
                return showForm(request, response, errors);
            }

            obj.setPassword1(encodePassword(obj.getPassword1()));
            service.changePassword(obj);
            saveMessage(request, "password.modification.successful");
            // to prevent duplicate submissions create a new token
            saveToken(request);
            return new ModelAndView(".passwordModificationSuccess");
        }
        catch (NoParentRowFkException fke) {
            errors.reject("invalid.partyCd");
            return showForm(request, response, errors);
        }
    }

    protected ModelAndView submitPasswordReset(HttpServletRequest request,
            HttpServletResponse response, Object command, BindException errors)
            throws Exception {
        try {
            PasswordModification obj = (PasswordModification) command;

            if (obj.getPartyCd() == null || obj.getPartyCd().length() == 0) {
                errors.reject("partyCd.required");
                return showForm(request, response, errors);
            }
            if (!obj.getPassword1().equals(obj.getPassword2())) {
                errors.reject("password.conflict");
                return showForm(request, response, errors);
            }

            obj.setPassword1(encodePassword(obj.getPassword1()));
            service.resetPassword(obj);
            saveMessage(request, "password.modification.successful");
            // to prevent duplicate submissions create a new token
            saveToken(request);
            return new ModelAndView(".passwordModificationSuccess");
        }
        catch (NoParentRowFkException fke) {
            errors.reject("invalid.partyCd");
            return showForm(request, response, errors);
        }
    }

    private String encodePassword(String password) {
        IPasswordEncrypter passwordEncrypter = (IPasswordEncrypter) getWebApplicationContext()
                .getBean("passwordEncrypter");
        return passwordEncrypter.encryptPassword(password);
    }

}