0 Replies Latest reply on Jul 18, 2013 9:58 AM by shin4649

    Error 403

    shin4649

      Hi,

       

      I created a form action for change password. After calling function user.changePassword(pwd), I am redirect to a 403 page.

       

      I reauthenticate the Authenticator Header but still getting error 403.

       

      This is my post.POST.jsp

       

      <%@taglib prefix="sling" uri="http://sling.apache.org/taglibs/sling/1.0" %>

      <%!

       

       

          final String PWD = "rep:password";

          final String PWD_CONFIRM = PWD +"_confirm";

            

      %><sling:defineObjects/>

      <%

       

       

          final ValueMap properties = ResourceUtil.getValueMap(resource);

          final SlingRepository repos = sling.getService(SlingRepository.class);

          final AccountManagerFactory af = sling.getService(AccountManagerFactory.class);

         

          ResourceResolver resolver = slingRequest.getResourceResolver();

          Session session = resolver.adaptTo(Session.class);

          Authorizable auth = resolver.adaptTo(Authorizable.class);

       

          String name = auth == null ? null : auth.getID();

          String error = null;   

          String path = properties.get("redirect", "");

          String pwd = null;

          

          try {

              final AccountManager am = af.createAccountManager(session);

              pwd = request.getParameter(PWD)==null? null : slingRequest.getRequestParameter(PWD).getString();

              log.info("new pwd : "+pwd );

              final String pwdConfirm = request.getParameter(PWD_CONFIRM)==null? null : slingRequest.getRequestParameter(PWD_CONFIRM).getString();

              final boolean hasPwd = pwd!=null && pwd.length()>0;

              User user = null;

                    

              if (!hasPwd) {

                  pwd = pwdConfirm;

              }

             

              if (name !=null) {

              log.info("username: " + name);

                  Authorizable authorizable = am.findAccount(name);

                  if (authorizable!=null && authorizable.isUser()) {

                      user = (User)authorizable;

                      log.info("user id: " + user.getID());

                      user.changePassword(pwd); 

                      log.info("password changed");

                                         

                     // session.logout();

                  } 

              }

          } catch (Exception e) {

              error = e.getMessage();

              log.error("change password error: " + error);

          } finally {

              if (session!=null) {

                  session.logout();

                  log.info("session logout");

              }

          }   

         

          String userID = null;

          String password = null;

          boolean valid = false;

       

          String authHeader = request.getHeader("Authorization");

          if (authHeader != null) {

              log.info(authHeader);

              java.util.StringTokenizer st = new java.util.StringTokenizer(authHeader);

              if (st.hasMoreTokens()) {

                  String basic = st.nextToken();

       

                  if (basic.equalsIgnoreCase("Basic")) {

                      String credentials = st.nextToken();

       

                      Base64 decoder = new Base64();

                      String userPass = new String(decoder.decodeBase64(credentials));

                     

                      int p = userPass.indexOf(":");

                      if (p != -1) {

                          userID = userPass.substring(0, p);

                          password = userPass.substring(p+1);

                          log.info("userID: "+userID);

                          log.info("password: "+password);

        

                          if ((userID.trim().equals(name)) &&

                          (password.trim().equals(pwd))) {

                              valid = true;

                          }

                      }

                  }

              }

          }

         

          if (!valid) {

               String s = "Basic realm=\"Chanage password. Please enter your username and new password.\"";

               response.setHeader("WWW-Authenticate", s);

               response.setStatus(401);

               return;

          }

         

         

          log.info("path: "+path);

          if ("".equals(path)) {

              FormsHelper.redirectToReferrer(slingRequest, slingResponse, new HashMap<String, String[]>());

          } else {

              log.info("redirect");

         

              if (path.indexOf(".")<0) {

                  path += ".html";

              }

              response.sendRedirect(path);

          }

       

       

       

      From log file:

       

      GET /content/lsc/change_password/successful.html HTTP/1.1] org.apache.sling.commons.auth.impl.SlingAuthenticator handleLoginFailure: Unable to authenticate test_user: null

      GET /content/lsc/change_password/successful.html HTTP/1.1] org.apache.sling.commons.auth.impl.SlingAuthenticator login: No handler for request (4 handlers available)

      GET /content/lsc/change_password/successful.html HTTP/1.1] org.apache.sling.commons.auth.impl.SlingAuthenticator doLogin: Cannot login: No AuthenticationHandler available to handle the request