/*
 * Copyright (c) 2005-2016 Vincent Vandenschrick. All rights reserved.
 *
 *  This file is part of the Jspresso framework.
 *
 *  Jspresso is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Lesser General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  Jspresso is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public License
 *  along with Jspresso.  If not, see <http://www.gnu.org/licenses/>.
 */
package org.jspresso.framework.application.backend.action.security;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;

import org.jspresso.framework.action.ActionBusinessException;
import org.jspresso.framework.action.ActionException;
import org.jspresso.framework.security.UserPrincipal;
import org.springframework.jdbc.core.JdbcTemplate;

/**
 * Change password backend action for deployments that keep the password in a
 * relational database. The change is carried out by a single configurable
 * update statement issued through a Spring {@link JdbcTemplate}.
 *
 * @author Vincent Vandenschrick
 */
public class DatabaseChangePasswordAction extends AbstractChangePasswordAction {

  private JdbcTemplate jdbcTemplate;
  private String       updateQuery;

  /**
   * Sets the Spring jdbcTemplate through which the update statement is
   * issued.
   *
   * @param jdbcTemplate
   *          the jdbcTemplate to set.
   */
  public void setJdbcTemplate(final JdbcTemplate jdbcTemplate) {
    this.jdbcTemplate = jdbcTemplate;
  }

  /**
   * Sets the update statement that performs the password change. Three values
   * are bound to it as prepared statement parameters, in this order :
   * <ol>
   * <li><b>"new password"</b>, as returned by {@code digestAndEncode}, or the
   * empty string when the new password is {@code null}.</li>
   * <li><b>"user name"</b>, taken from the user principal.</li>
   * <li><b>"current password"</b>, as returned by {@code digestAndEncode}, or
   * the empty string when the current password is {@code null}.</li>
   * </ol>
   * The number of updated rows is the only verification of the current
   * password that this class performs : zero rows is reported as an invalid
   * current password, any other count is treated as success. The statement
   * therefore has to restrict the update on both the user name and the
   * current password parameters; a statement that ignores the third parameter
   * would let the change go through without the current password being
   * checked here.
   *
   * @param updateQuery
   *          the updateQuery to set.
   */
  public void setUpdateQuery(final String updateQuery) {
    this.updateQuery = updateQuery;
  }

  /**
   * {@inheritDoc}
   * <p>
   * Runs the configured update statement with the encoded new password, the
   * principal name and the encoded current password.
   *
   * @throws ActionBusinessException
   *           (key {@code password.current.invalid}) when the statement
   *           updates no row.
   * @throws ActionException
   *           wrapping a {@link NoSuchAlgorithmException} or an
   *           {@link IOException} raised while encoding a password.
   */
  @Override
  protected boolean changePassword(UserPrincipal userPrincipal,
      String currentPassword, String newPassword) {
    try {
      // A null password is bound as the empty string and not as a digest.
      // NOTE(review): for the new password this writes an empty credential
      // to the store; confirm that the parent action rejects a null new
      // password before this method is reached.
      // NOTE(review): digestAndEncode is not defined in this class, so the
      // digest algorithm and any salting cannot be told from here.
      final String encodedNew = newPassword == null ? ""
          : digestAndEncode(newPassword.toCharArray());
      final String encodedCurrent = currentPassword == null ? ""
          : digestAndEncode(currentPassword.toCharArray());

      // All three values are passed as bind parameters; nothing is
      // concatenated into the statement text.
      final int affectedRows = getJdbcTemplate().update(getUpdateQuery(),
          encodedNew, userPrincipal.getName(), encodedCurrent);

      // No row matched : reported to the caller as a wrong current password.
      // A count above one is not distinguished from a single-row update.
      if (affectedRows == 0) {
        throw new ActionBusinessException("Current password is not valid.",
            "password.current.invalid");
      }
      return true;
    } catch (NoSuchAlgorithmException | IOException ex) {
      throw new ActionException(ex);
    }
  }

  /**
   * Returns the jdbcTemplate used to issue the update statement.
   *
   * @return the jdbcTemplate.
   */
  protected JdbcTemplate getJdbcTemplate() {
    return this.jdbcTemplate;
  }

  /**
   * Returns the configured update statement.
   *
   * @return the updateQuery.
   */
  protected String getUpdateQuery() {
    return this.updateQuery;
  }
}