ChangePasswordEditAction.java
/*
* @ Copyright 2001 FA Software;
* All right reserved. No part of this program may be reproduced or
* transmitted in any form or by any means, electronic or
* mechanical, including photocopying, recording, or by any
* information storage or retrieval system without written
* permission from FA Software, except for inclusion of brief
* quotations in a review.
*/
package com.mycim.webapp.actions.security;
import com.fa.sesa.exception.Assert;
import com.fa.sesa.exception.Errors;
import com.mycim.framework.context.spring.SpringContext;
import com.mycim.framework.utils.lang.StringUtils;
import com.mycim.server.security.service.SecurityService;
import com.mycim.valueobject.MessageIdList;
import com.mycim.valueobject.ObjectList;
import com.mycim.valueobject.security.User;
import com.mycim.webapp.WebUtils;
import com.mycim.webapp.actions.AbstractAction;
import com.mycim.webapp.secutiry.jwt.JwtUtils;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
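/**
 * Struts action backing the "change password" page for the currently authenticated user.
 *
 * <p>The user is always resolved from the request's JWT via {@link JwtUtils}, never from a
 * request parameter, so a caller can only change the password of the account the token names.
 *
 * <p>NOTE(security): passwords are compared and stored via {@code StringUtils.encodeByMD5}.
 * The name suggests a plain MD5 digest; whether a salt is applied is not visible in this file.
 * MD5 is not suitable for password storage; a dedicated password hash (bcrypt, scrypt, argon2)
 * is the usual replacement. Changing it needs a coordinated migration of the login path and the
 * stored values, so it is flagged here rather than changed.
 */
public class ChangePasswordEditAction extends AbstractAction {

    protected SecurityService securityService = SpringContext.getBean(SecurityService.class);

    /**
     * Prepares the change-password form by exposing the id of the authenticated user.
     *
     * @return the mapping's input forward
     */
    @Override
    public ActionForward init(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                              HttpServletResponse response) throws Exception {
        String userId = JwtUtils.getUserId(request);
        request.setAttribute("UserId", userId);
        return mapping.getInputForward();
    }

    /**
     * Validates the submitted old/new/confirm passwords and, if every check passes, stores the new
     * password, clears the token cookie and redirects to the login page.
     *
     * <p>Checks, in order: no field is blank, new and confirm match, the old password matches the
     * stored value, and the new password differs from the stored one. Each failure is raised
     * through {@link Assert} with the corresponding {@link MessageIdList} key.
     *
     * @return {@code WebUtils.NULLActionForward}; the response has already been redirected
     */
    public ActionForward changeUserPassword(ActionMapping mapping, HttpServletRequest request,
                                            HttpServletResponse response) throws Exception {
        String userId = JwtUtils.getUserId(request);
        long facilityRrn = JwtUtils.getFacilityRrn(request);

        User user = securityService
                .getUser(new User(userId, getNamedSpace(ObjectList.USER_KEY, facilityRrn), ObjectList.USER_KEY));

        // If the user does not exist, go straight back to the login page.
        if (user.getInstanceRrn() <= 0) {
            response.sendRedirect("login/login.jsp");
            return WebUtils.NULLActionForward;
        }

        // Submitted values, still in clear text at this point.
        String oldPasswordRaw = StringUtils.trim(request.getParameter("oldpassword"));
        String newPassword = StringUtils.trim(request.getParameter("newpassword"));
        String confirmPassword = StringUtils.trim(request.getParameter("confirmpassword"));

        // The blank check must see the raw old password. Previously the value was hashed first,
        // so the check was applied to the digest and could not reject an empty old password.
        Assert.isFalse(StringUtils.isBlank(oldPasswordRaw) || StringUtils.isBlank(newPassword) ||
                               StringUtils.isBlank(confirmPassword),
                       Errors.create().key(MessageIdList.LOGIN_OLD_NEW_COMFIRM_PWD_NULL).content("原密码或新密码或确认密码不能为空!")
                             .build());

        Assert.isTrue(newPassword.equals(confirmPassword),
                      Errors.create().key(MessageIdList.LOGIN_CONFIRM_NEW_PWD_DIFFERENT).content("确认密码或新密码不一致!")
                            .build());

        // The stored password is compared against the digest of the submitted old password.
        String oldPasswordHash = StringUtils.encodeByMD5(oldPasswordRaw);
        String passwordFromDatabase = user.getPassword();
        Assert.isTrue(
                StringUtils.isNotBlank(passwordFromDatabase) &&
                        StringUtils.equals(passwordFromDatabase, oldPasswordHash),
                Errors.create().key(MessageIdList.LOGIN_OLD_PWD_NULL).content("原密码不正确,请确认!").build());

        // Reject re-use of the current password before the user object is modified.
        String newPasswordHash = StringUtils.encodeByMD5(newPassword);
        Assert.isFalse(StringUtils.equalsIgnoreCase(passwordFromDatabase, newPasswordHash),
                       Errors.create().key(MessageIdList.LOGIN_OLD_NEW_PWD_SAME).content("原始密码和新密码不能一致!").build());

        // NOTE(review): no length or complexity rule for the new password is enforced here;
        // confirm whether a policy is applied elsewhere.
        user.setTransId("MODIFY");
        user.setPassword(newPasswordHash);
        user.setTransPerformedby(user.getInstanceId());

        changeUserPassword(user, response);

        // loginFlag is only compared with a constant and never copied into the redirect target.
        String loginFlag = request.getParameter("loginFlag");
        if (StringUtils.equalsIgnoreCase("unifiedLogin", loginFlag)) {
            response.sendRedirect(request.getContextPath() + "/login.do?unified=1");
        } else {
            response.sendRedirect(request.getContextPath() + "/login.do");
        }
        return WebUtils.NULLActionForward;
    }

    /**
     * Persists the user's new password and resets the token cookie so the browser has to log in again.
     *
     * <p>NOTE(review): only the cookie is reset here; whether tokens issued before the password
     * change are also rejected server-side cannot be seen from this class. Confirm.
     */
    private void changeUserPassword(User user, HttpServletResponse response) {
        securityService.updatePassword(user.getInstanceRrn(), user.getPassword());
        // Redirecting to the login page next, so drop the token.
        JwtUtils.setTokenToCookie(response, null);
    }
}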
/*
* Modification Log Log No : Name : Modified Date: Description :
*/