java - Endless loop of redirection to changePassword page in Spring Security

I was assigned the task of implementing a force reset password page in our application. I am new to Spring and Spring Security, and have implemented the force reset logic using a custom filter. The changePassword page is caught in an endless loop, and I don't know why.

securitycontext.xml

    <http auto-config='true' use-expressions="true" access-decision-manager-ref="webAccessDecisionManager">
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <intercept-url pattern="/changepassword.*" access="hasRole('ROLE_CHANGEPASSWORD')"/>
        <form-login always-use-default-target="true"
                    login-page="/login.jsp"
                    default-target-url="/home_director.do"
                    authentication-failure-url="/login.jsp?error=authfail"
                    authentication-success-handler-ref="loginSucessHandler" />
        <logout logout-url="/logout" logout-success-url="/login.jsp" invalidate-session="true"/>
        <session-management invalid-session-url="/login.jsp?error=invalidsession" />
        <access-denied-handler error-page="/login.jsp?error=1"/>
        <custom-filter ref="switchUserProcessingFilter" position="SWITCH_USER_FILTER"/>
        <custom-filter ref="userResetPasswordCheckFilter" position="LAST"/>
    </http>
    <beans:bean id="userResetPasswordCheckFilter" class="com.statschedules.fo.spring.security.UserResetPasswordCheckFilter">

UserResetPasswordFilter.java: inside doFilter I check whether the user's password has expired or not, and use

    response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + "/changepassword.jsp"));

ChangePasswordController.java

    @Controller("/changepassword")
    public class ChangePasswordController {

        public static Logger log = LoggerFactory.getLogger(ChangePasswordController.class);

        @Autowired
        protected PasswordEncoder passwordEncoder;

        @Autowired
        protected UserDao userDao;

        @Autowired
        protected UserDetailsService userDetailsService;

        @RequestMapping("/changepassword.jsp")
        public void changePassword(HttpServletRequest request, HttpServletResponse response,
                @RequestParam(value = "newpassword") String newPassword) throws Exception {
            User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
            String encryptedPassword = passwordEncoder.encode(newPassword);
            if (true) { // put user id or name of user whose password has changed
                user = userDao.getUser(1231);
                user.setPassword(encryptedPassword);
                userDao.updatePassword(user);
            }
            String username = "clinic1admin";
            UserDetails updatedUser = userDetailsService.loadUserByUsername(username);
            Collection<? extends GrantedAuthority> orig = updatedUser.getAuthorities();
            UsernamePasswordAuthenticationToken targetUserRequest =
                    new UsernamePasswordAuthenticationToken(updatedUser, updatedUser.getPassword(), orig);
            SecurityContextHolder.getContext().setAuthentication(targetUserRequest);
            response.sendRedirect("/home_director.do");
        }
    }

I have placed the changepassword.jsp file inside the webapp directory along with login.jsp and index.html. What can be wrong in the code? I have been struggling with this problem for the last couple of days. Please, please help me out.
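
A filter of the kind described above redirects forever if it also intercepts the request for /changepassword.jsp that its own redirect produces. The following is an added example, not the poster's filter (whose body is not shown on the page): `ForcePasswordChangeFilter` and `PasswordExpiryChecker` are hypothetical names, and it assumes Spring Web's `OncePerRequestFilter` and the `javax.servlet` API are on the classpath.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

public class ForcePasswordChangeFilter extends OncePerRequestFilter {
    /** Hypothetical lookup; the page does not show how expiry is determined. */
    public interface PasswordExpiryChecker {
        boolean isExpired(Authentication authentication);
    }

    private static final String CHANGE_PAGE = "/changepassword.jsp"; // path from the post
    private final PasswordExpiryChecker checker;

    public ForcePasswordChangeFilter(PasswordExpiryChecker checker) {
        this.checker = checker;
    }

    /** Path inside the application, without context path or ";jsessionid=..." suffix. */
    static String applicationPath(HttpServletRequest request) {
        String path = request.getRequestURI().substring(request.getContextPath().length());
        int semicolon = path.indexOf(';'); // encodeRedirectURL may have appended a session id
        return semicolon >= 0 ? path.substring(0, semicolon) : path;
    }

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        String path = applicationPath(request);
        // Loop guard: never filter the redirect target itself, nor the login and logout URLs.
        return path.equals(CHANGE_PAGE) || path.equals("/login.jsp") || path.equals("/logout");
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean loggedIn = auth != null && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
        if (loggedIn && checker.isExpired(auth)) {
            response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + CHANGE_PAGE));
            return; // stop here: the rest of the chain must not run after a redirect
        }
        chain.doFilter(request, response);
    }
}
```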