Author: channa
Date: Thu Feb 14 04:10:07 2008
New Revision: 13766
Log:
Prevented system user passwords being changed. MASHUP-683.
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
trunk/mashup/java/modules/www/add_user.jsp
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
==============================================================================
---
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
(original)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
Thu Feb 14 04:10:07 2008
@@ -25,9 +25,7 @@
import org.wso2.usermanager.Realm;
import org.wso2.usermanager.UserManagerException;
import org.wso2.usermanager.UserStoreAdmin;
-import org.wso2.usermanager.UserStoreReader;
-import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import java.util.Hashtable;
import java.util.Map;
@@ -217,7 +215,8 @@
// Get an instance of the secure registry as admin and then get
it's user manager.
UserStoreAdmin userStoreAdmin = realm.getUserStoreAdmin();
- if (!password.equals("")) {
+ // If the new password is not blank and user is allowed to change
passwords, change it.
+ if (!password.equals("") && !isPasswordFixed()) {
userStoreAdmin.updateUser(userName, password);
}
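Review bot: When `isPasswordFixed()` is true and a non-blank password is submitted, the new condition skips `updateUser` silently, with no error for the caller and no log entry. The JSP in this same commit hides the password field for these users in edit mode, so a non-blank password reaching this branch did not come from the form as rendered and is worth recording. Consider an `else if (!password.equals(""))` branch that logs the rejected attempt with the target `userName` (never the password) and surfaces a message through whatever populates `getErrorMessage("password")`. The enclosing method starts and ends outside this hunk, so how errors are reported there is not visible.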
@@ -269,4 +268,19 @@
return valid;
}
+
+ /**
+ * Contains the logic which determines if the current user's password is
fixed.
+ * @return true if the user's password can be changed without any adverse
effects to the system.
+ */
+ public boolean isPasswordFixed() throws UserManagerException {
+ boolean passwordFixed = false;
+
+ if (userName.equals(RegistryConstants.ANONYMOUS_USER) ||
+ userName.equals(RegistryConstants.SYSTEM_USER)) {
+ passwordFixed = true;
+ }
+
+ return passwordFixed;
+ }
}
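Review bot: The Javadoc on `isPasswordFixed()` states the opposite of what the method returns: the body returns true for the anonymous and system users, whose passwords must not change, so the tag should read `@return true if the user's password must not be changed (anonymous and system users)`. The `throws UserManagerException` clause is not needed by anything in the visible body, and it forces every caller, including the JSP scriptlet, to handle a checked exception. `userName.equals(...)` throws a NullPointerException if the bean's `userName` was never set; the constant-first form `RegistryConstants.SYSTEM_USER.equals(userName)` avoids that. The comparison is also case-sensitive, so it is worth confirming that the user store does not treat names case-insensitively, otherwise a differently cased name would pass this guard.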
Modified: trunk/mashup/java/modules/www/add_user.jsp
==============================================================================
--- trunk/mashup/java/modules/www/add_user.jsp (original)
+++ trunk/mashup/java/modules/www/add_user.jsp Thu Feb 14 04:10:07 2008
@@ -149,12 +149,16 @@
</tr>
<tr>
<td><label><strong>Password:<% if
(!"true".equals(editMode)) { %> <font
color="#FF0000">*</font><%}%></strong></label></td>
- <td><input type="password" name="password"
+ <td>
+ <% if ("true".equals(editMode) &&
addUserHandler.isPasswordFixed()) { %>
+ <div class="login-error">Password changes not
perrmitted for this user.</div>
+ <% } else { %>
+ <input type="password" name="password"
value="<%=addUserHandler.getPassword()%>"/>
<br><div
class="login-error"><%=addUserHandler.getErrorMessage("password")%></div>
<% if ("true".equals(editMode)) { %>
- <br><strong>If a new password is entered
here it will reset the existing password. Leave empty if this is not your
intention.</strong>
- <% } %>
+ <br><strong>If a password is entered here
it will reset the user's existing password.</strong>
+ <% }} %>
</td>
</tr>
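Review bot: The password input in the new `else` branch still writes `<%=addUserHandler.getPassword()%>` into the `value` attribute without HTML encoding. If `getPassword()` returns the submitted value (the bean is not visible in this diff), the password is echoed into the page source on redisplay, and a quote character in it would break out of the attribute. Rendering the field empty with `value=""` removes both problems. Separately, the new message misspells "permitted" as `perrmitted`.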