貌似现在的框架有点问题,验证的时候用的是明文,但新密码却要使用加密后密码,否则在数据库存储中就是明文密码,只好按以下方式修改密码了,也许什么地方我没搞对:
@RequestMapping(value = "/account/changePassword", method = RequestMethod.POST)
public String submitChangePasswordPage(
@RequestParam("oldpassword") String oldPassword,
@RequestParam("password") String newPassword,
HttpServletRequest request) {
System.out.println("change password.............");
try{
//jdbcUserDetailsManager.changePassword(oldPassword, newPassword);
jdbcUserDetailsManager.changePassword(oldPassword, new ShaPasswordEncoder().encodePassword(newPassword,null));
}
catch( AuthenticationException e )
{
System.out.println( "Old password is incorrect!please rechange" );
//e.printStackTrace();
return "redirect:/account/change";
}
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
User user = (User)auth.getPrincipal();
String userName = user.getUsername();
SecurityContextHolder.clearContext();
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(userName, newPassword);
try {
token.setDetails(new WebAuthenticationDetails(request));
Authentication authenticatedUser = authenticationManager
.authenticate(token);
request.getSession();
SecurityContextHolder.getContext().setAuthentication(
authenticatedUser);
request.getSession()
.setAttribute(
HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
SecurityContextHolder.getContext());
} catch (AuthenticationException e) {
System.out.println("Authentication failed: " + e.getMessage());
return "redirect:/account/change";
}
return "redirect:/";
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
