0

I am implementing forget password function. It will send a link to the user to reset his password. It looks something like this http://localhost:9080/BelsizeWeb/faces/login_pwchange.xhtml?id=yPvRp9xwUTXAY9fQpuNnuEBqT+twZ0rBraVKdcsJRi4=

While the user is still on this page, when the user click button to change and login, and if there is password mismatch, it will prompt with a faces message and the link on address bar should still contains id=yPvRp9xwUTXAY9fQpuNnuEBqT+twZ0rBraVKdcsJRi4=. But currently the link on address bar does not include the querystring.

I am using MyFaces 2.0, xhtml. Well, it hit null pointer exception because the querystring is null. I am using RequestScoped for Login_pwchange.java.

login_pwchange.xhtml

<f:metadata>
    <f:event listener="#{pc_Login_pwchange.onPageLoadBegin}" type="preRenderView"></f:event>
    <f:viewParam name="id" value="#{pc_Login_pwchange.w_login.token}" />
</f:metadata>

<h:body>
    <h:form id="form1" enctype="multipart/form-data" prependId="false">

        <p:commandButton ajax="false" type="submit" value="Change and Login"
            id="login_pwchange_change" styleClass="commandButton"
            action="#{pc_Login_pwchange.doLogin_pwchange_changeAction}" 
            style="width:150px" disabled="#{pc_Login_pwchange.w_login.disabled}">
            <f:param name="id" value="#{pc_Login_pwchange.w_login.token}" />
        </p:commandButton>
    </h:form>
</h:body>

faces-config.xml

<navigation-rule>
    <from-view-id>/login_pwchange.xhtml</from-view-id>
    <navigation-case>
        <from-outcome>success</from-outcome>
        <to-view-id>/index.xhtml</to-view-id>
    </navigation-case>
    <navigation-case>
        <from-outcome>failure</from-outcome>
        <to-view-id>/login.xhtml</to-view-id>
    </navigation-case>
    <navigation-case>
        <from-outcome>xxxxxx</from-outcome>
        <to-view-id>/login_pwchange.xhtml?faces-redirect=true&includeViewParams=true</to-view-id>
    </navigation-case>
</navigation-rule>

RedirectLogin.java

public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {

    boolean authorized = false;
    boolean is_sysadmin = false;

    String user_sys_id = null;
    HttpSession session = null;

    if (request instanceof HttpServletRequest) {
        session = ((HttpServletRequest) request).getSession(false);
        if (session != null) {
            user_sys_id = (String) session.getAttribute("user_sys_id");
            if (user_sys_id != null) {
                authorized = true;
                String _id = user_sys_id.substring(0, 8);
                if (_id.equals("SYSADMIN")) {
                    is_sysadmin = true;
                }
            }
        }
    }

    if (request.getCharacterEncoding() == null) {
        request.setCharacterEncoding("UTF-8");
    }

    String _uri = ((HttpServletRequest) request).getRequestURI();
    String _querystring = ((HttpServletRequest) request).getQueryString();  //can get for first time. when there is page submit, this becomes null

    //Forget Password
    //========================
    if (!authorized && _uri.contains("login_pwchange.xhtml")) {

        HashMap _m = isResetPasswordURL(_querystring);

        request.setAttribute("userid", _m.get("USERID"));
        request.setAttribute("request_datetime", _m.get("REQUEST_DATETIME"));
        request.setAttribute("token", _m.get("TOKEN"));

        //OK - continue
        chain.doFilter(request, response);
        return;                 
    }       

    if (_uri.contains("login.xhtml")) {
        //OK - continue
        chain.doFilter(request, response);
        return;
    }

    chain.doFilter(request, response);
    return; 
}

Login_pwchange.java

public String doLogin_pwchange_changeAction() {

    W_login _w_l = getW_login();

    FacesContext context = FacesContext.getCurrentInstance();
    HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
    request.setAttribute("token", _w_l.getToken());

    Useraccount _ua = new Useraccount();
    _ua = _ua.getUserAccount_ByUserid_NotClosed(_w_l.getUserid());

    String _user_sys_id = _ua.getUsersysid();
    _w_l.setUsersysid(_user_sys_id);

    String _password = _w_l.getPassword();
    if(isEmptyNull(_password)) {
        _password = "";
    }
    String _password_retype = _w_l.getPassword_retype();
    if(isEmptyNull(_password_retype)) {
        _password_retype = "";
    }

    _ua = _w_l.getUserAccount_BackEnd_ByUsersysid(_user_sys_id);
    Integer _min_length = _ua.getPwminlength();
    Integer _max_length = _ua.getPwmaxlength();
    Integer _password_length = new Integer(_password.length());
    Integer _password_history = _ua.getPwhistory();
    Integer _max_age = _ua.getPwmaxage();
    String _userid = _ua.getUserid();   

    String _msg_key=null;

    _w_l.setPassword(null);
    _w_l.setPassword_retype(null);

    // Password mismatch
    if (!_password.equals(_password_retype)) {
        showCommonMessage_ByKey("login_pwchange_message_password_mismatch");
        return "xxxxxx";
    }

    Integer _status = _w_l.changePassword(_user_sys_id,_password);

    if (_status!=null) {        
        return "success";
    } else {
        return "failure";
    }   
}
bittersour
  • 937
  • 2
  • 11
  • 32
  • @BalusC Actually I have saw this link before I posted. It seems similar. Only difference is for mine, it is staying on the same page. But still could not get it working. – bittersour Oct 13 '15 at 07:08
  • @BalusC If possible we do not intend to use the 3rd party library. I am using f:param just now but still could not get it working. Perhaps you can give me some pointers? – bittersour Oct 13 '15 at 07:17
  • @BalusC sorry, have made the amendments. Hope the info is ok now. – bittersour Oct 13 '15 at 08:17

0 Answers0