When you are not using LDAP and you have to change user password with verifying old password the only option left is by using WAS Programatic Login.you can reset new password by Puma API and verify the old password by WAS Authentication, the below code is working fine for me.
PortletServiceHome psh = null;
try {
if (psh == null) {
javax.naming.Context ctx = new javax.naming.InitialContext();
psh = (PortletServiceHome) ctx.lookup("portletservice/com.ibm.portal.um.portletservice.PumaHome");
}
} catch (NamingException e) {
e.printStackTrace();
}
HashMap userAttrs = new HashMap();
String oldPwd = request.getParameter("OLD_PASSWORD");
String pwd1 = request.getParameter("PASSWORD");
String pwd2 = request.getParameter("PASSWORD_CONFIRM");
try
{
PumaHome service=(PumaHome) psh.getPortletService(PumaHome.class);
PumaLocator pLocator=service.getLocator();
PumaController pc = service.getController();
com.ibm.wps.puma.User vuser = (com.ibm.wps.puma.User)request.getAttribute("com.ibm.portal.puma.request-user");
String userid = vuser.getUserID();
if( pwd1 != null && oldPwd != null )
{
//verify password
LoginContext lc = null;
Subject subject = null;
System.out.println("old pwd::"+oldPwd);
try {
lc = new LoginContext("WSLogin",
new WSCallbackHandlerImpl(userid, oldPwd));
} catch (LoginException le) {
System.out.println("Cannot create LoginContext. " + le.getMessage());
} catch(SecurityException se) {
System.out.println("Security Exception. " + se.getMessage());
}
try {
lc.login();
subject = lc.getSubject();
System.out.println("loged in");
passwordVerification = true;
com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(subject);
} catch(LoginException le) {
passwordVerification = false;
System.out.println("Fails to create Subject. " + le.getMessage());
}
if(passwordVerification)
{
userAttrs.put("uid", userid);
userAttrs.put("password", pwd1);
List userList = pLocator.findUsersByAttribute("uid", userid);
User editUser = (User)userList.get(0);
pc.setAttributes(editUser, userAttrs);
passwordChanged = true;
}
pls send me the import statements for the above codes..(if it need any jar files means that's too)
ReplyDeleteto this mail id helloahamed143@gmail.com
These are the import statements for the above code, and if you have installed portal on your local machine then no need to include any jar, the code will compile.
Deleteimport com.ibm.portal.portlet.service.PortletServiceHome;
import javax.naming.NamingException;
import javax.portlet.*;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.log4j.Logger;
import com.ibm.portal.um.PumaController;
import com.ibm.portal.um.PumaHome;
import com.ibm.portal.um.PumaLocator;
import com.ibm.portal.um.User;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
With this approach i am able to reset my password even if i am typing my previous passwords into the old password field.
ReplyDeleteDo you have any solution for this?
This funtinality only worked when user login into system and try to change password by giving old and new passowrd. This funtionality will not work when user A login to system and try to chane password of user B. New Password will be change of User B but it will not validate Old password of User B
ReplyDelete