Implemented the reset password capability in teamengine.

teamengine-realm/src/main/java/com/occamlab/te/realm/PBKDF2Realm.java

@@ -20,8 +20,10 @@
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
+
 import org.apache.catalina.Realm;
 import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.catalina.realm.RealmBase;
@@ -62,7 +64,7 @@ public class PBKDF2Realm extends RealmBase {
     private static final Logger LOGR = Logger.getLogger(PBKDF2Realm.class.getName());
     private String rootPath = null;
     private DocumentBuilder DB = null;
-    private HashMap<String, Principal> principals = new HashMap<String, Principal>();
+    private HashMap<String, Principal> principals = UserGenericPrincipal.getInstance().getPrincipals();
 
     public String getRoot() {
         return rootPath;
@@ -223,4 +225,5 @@ GenericPrincipal createGenericPrincipal(String username, String password, List<S
         }
         return principal;
     }
+
 }

teamengine-realm/src/main/java/com/occamlab/te/realm/UserGenericPrincipal.java

@@ -0,0 +1,43 @@
+package com.occamlab.te.realm;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.logging.Logger;
+
+public class UserGenericPrincipal {
+
+  private static final Logger logger = Logger
+      .getLogger(UserGenericPrincipal.class.getPackage().getName());
+
+  private HashMap<String, Principal> principals = new HashMap<String, Principal>();
+
+  private static volatile UserGenericPrincipal userPrincipal = null;
+
+  public static UserGenericPrincipal getInstance() {
+
+    if (null == userPrincipal) {
+      synchronized (UserGenericPrincipal.class) {
+        // check again, because the thread might have been preempted
+        // just after the outer if was processed but before the
+        // synchronized statement was executed
+        if (userPrincipal == null) {
+          userPrincipal = new UserGenericPrincipal();
+        }
+      }
+    }
+    return userPrincipal;
+  }
+
+  public Principal removePrincipal(String username) {
+
+    synchronized (principals) {
+      return (Principal) principals.remove(username);
+    }
+
+  }
+
+  public HashMap<String, Principal> getPrincipals() {
+    return principals;
+  }
+
+}

teamengine-web/RegistrationHandlerServlet.java

@@ -0,0 +1,78 @@
+/****************************************************************************
+
+ The Original Code is TEAM Engine.
+
+ The Initial Developer of the Original Code is Northrop Grumman Corporation
+ jointly with The National Technology Alliance.  Portions created by
+ Northrop Grumman Corporation are Copyright (C) 2005-2006, Northrop
+ Grumman Corporation. All Rights Reserved.
+
+ Contributor(s): No additional contributors to date
+
+ ****************************************************************************/
+package com.occamlab.te.web;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.occamlab.te.realm.PasswordStorage;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.PrintStream;
+
+/**
+ * Handles requests to register new users.
+ * 
+ */
+public class RegistrationHandlerServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 7428127065308163495L;
+
+    Config conf;
+
+    public void init() throws ServletException {
+        conf = new Config();
+    }
+
+    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
+        try {
+            String username = request.getParameter("username");
+            String password = request.getParameter("password");
+            String hashedPassword = PasswordStorage.createHash(password);
+            String email = request.getParameter("email");
+            String firstName = request.getParameter("firstName");
+            String lastName = request.getParameter("lastName");
+            String organization = request.getParameter("organization");
+            File userDir = new File(conf.getUsersDir(), username);
+            if (userDir.exists()) {
+                String url = "register.jsp?error=duplicate&username=" + username;
+                if (email != null) {
+                    url += "&email=" + email;
+                }
+                response.sendRedirect(url);
+            } else {
+                userDir.mkdirs();
+                File xmlfile = new File(userDir, "user.xml");
+                PrintStream out = new PrintStream(new FileOutputStream(xmlfile));
+                out.println("<user>");
+                out.println(" <name>" + username + "</name>");
+                out.println(" <roles>");
+                out.println("  <name>user</name>");
+                out.println(" </roles>");
+                out.println(" <password>" + hashedPassword + "</password>");
+                out.println(" <email>" + email + "</email>");
+                out.println(" <firstName>" + firstName + "</firstName>");
+                out.println(" <lastName>" + lastName + "</lastName>");
+                out.println(" <organization>" + organization + "</organization>");
+                out.println("</user>");
+                out.close();
+                response.sendRedirect("registered.jsp");
+            }
+        } catch (Exception e) {
+            throw new ServletException(e);
+        }
+    }
+}

teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java

@@ -0,0 +1,79 @@
+package com.occamlab.te.web;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import com.occamlab.te.realm.PasswordStorage;
+import com.occamlab.te.realm.UserGenericPrincipal;
+
+import java.io.File;
+import java.security.Principal;
+
+/**
+ * Handles requests to change password.
+ * 
+ */
+public class ChangePasswordHandler extends HttpServlet {
+
+  Config conf;
+
+  public void init() throws ServletException {
+    conf = new Config();
+  }
+
+  public void doPost(HttpServletRequest request, HttpServletResponse response)
+      throws ServletException {
+
+    try {
+      String oldPass = request.getParameter("oldPass");
+      String username = request.getParameter("username");
+      String newPassword = request.getParameter("newPassword");
+
+      File userDir = new File(conf.getUsersDir(), username);
+      if (!userDir.exists()) {
+        String url = "changePassword.jsp?error=userNotExists&username="
+            + username;
+        response.sendRedirect(url);
+      } else {
+        File xmlfile = new File(userDir, "user.xml");
+        Document doc = XMLUtils.parseDocument(xmlfile);
+        Element userDetails = (Element) (doc.getElementsByTagName("user")
+            .item(0));
+
+        NodeList oldPwdList = userDetails
+            .getElementsByTagName("password");
+        String storedOldPassword = null;
+        if (oldPwdList.getLength() > 0) {
+          Element oldePwdElement = (Element) oldPwdList.item(0);
+          storedOldPassword = oldePwdElement.getTextContent();
+        }
+
+        Boolean isValid = PasswordStorage.verifyPassword(oldPass, storedOldPassword);
+        if (isValid) {
+          doc = XMLUtils.removeElement(doc, userDetails, "password");
+          Element pwdElement = doc.createElement("password");
+          pwdElement.setTextContent(PasswordStorage.createHash(newPassword));
+          userDetails.appendChild(pwdElement);
+          XMLUtils.transformDocument(doc, new File(userDir, "user.xml"));
+           Principal userPrincipal = UserGenericPrincipal.getInstance().removePrincipal(username);
+           if(userPrincipal == null){
+             throw new RuntimeException("Failed update old credentials");
+           }
+          request.getSession().invalidate();
+          response.sendRedirect(request.getContextPath());
+        } else {
+          String url = "changePassword.jsp?error=invalidOldPwd";
+          response.sendRedirect(url);
+        }
+      }
+    } catch (Exception e) {
+      throw new ServletException(e);
+    }
+  }
+}

teamengine-web/src/main/java/com/occamlab/te/web/EmailUtility.java

@@ -0,0 +1,57 @@
+package com.occamlab.te.web;
+
+import java.util.Date;
+import java.util.Properties;
+import java.util.Random;
+
+import javax.mail.Authenticator;
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.PasswordAuthentication;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.AddressException;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeMessage;
+
+public class EmailUtility {
+
+  public static void sendEmail(String host, String portNo,
+      final String userName, final String pwd, String toAddress,
+      String subject, String message) throws AddressException,
+      MessagingException {
+
+    Properties properties = new Properties();
+    properties.put("mail.smtp.host", host);
+    properties.put("mail.smtp.port", portNo);
+    properties.put("mail.smtp.auth", "true");
+    properties.put("mail.smtp.starttls.enable", "true");
+
+    Authenticator auth = new Authenticator() {
+      public PasswordAuthentication getPasswordAuthentication() {
+        return new PasswordAuthentication(userName, pwd);
+      }
+    };
+
+    Session session = Session.getInstance(properties, auth);
+    Message msg = new MimeMessage(session);
+    try {
+      msg.setFrom(new InternetAddress(userName));
+      InternetAddress[] toAddresses = { new InternetAddress(toAddress) };
+      msg.setRecipients(Message.RecipientType.TO, toAddresses);
+      msg.setSubject(subject);
+      msg.setSentDate(new Date());
+      msg.setContent(message, "text/html; charset=utf-8");
+
+      Transport.send(msg);
+    } catch (Exception e) {
+      throw new RuntimeException("Failed send mail : " + e.getMessage());
+    }
+  }
+
+  public static String getRandomNumberString() {
+    Random randomNo = new Random();
+    int number = randomNo.nextInt(999999);
+    return String.format("%06d", number);
+  }
+}