
[solved] Wrong message output in UsersBean.java

Question asked by zomurn on Feb 18, 2009
Latest reply on Feb 25, 2009 by zomurn
When changing a user password and setting a wrong old password, a scary message appears on the web client: 20 red lines of stack trace in the explorer, whereas it is a human error!
I read in the Alfresco 2.2.0 source code a portion of code, part of the repository service, that is responsible for this big red message (AuthenticationComponentImpl.java):

    /**
     * Authenticate
     */
    protected void authenticateImpl(String userName, char[] password) throws AuthenticationException
    {
        try
        {
            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userName,
                    new String(password));
            authenticationManager.authenticate(authentication);
            setCurrentUser(userName);

        }
        catch (net.sf.acegisecurity.AuthenticationException ae)
        {
            // This is a bit gross, I admit, but when LDAP is
            // configured ae, above, is non-serializable and breaks
            // remote authentication.
            StringWriter sw = new StringWriter();
            PrintWriter out = new PrintWriter(sw);
            out.println([b]ae.toString()[/b]);
            ae.printStackTrace(out);
            out.close();
            throw new AuthenticationException(sw.toString());
        }
    }

The exception is caught in the method below in UsersBean.java when the old password is wrong:

   /**
    * Action handler called for OK button press on Change My Password screen
    * For this screen the user is required to enter their old password - effectively login.
    */
   public String changeMyPasswordOK()
   {
      String outcome = DIALOG_CLOSE;
     
      if (this.password != null && this.confirm != null && this.password.equals(this.confirm))
      {
         try
         {
            String userName = (String)this.person.getProperties().get(ContentModel.PROP_USERNAME);
            this.getAuthenticationService().updateAuthentication(userName, this.oldPassword.toCharArray(), this.password.toCharArray());
         }
         catch (Exception e)
         {
            outcome = null;
            Utils.addErrorMessage(MessageFormat.format(Application.getMessage(FacesContext
                  .getCurrentInstance(), Repository.ERROR_GENERIC), [b]e.getMessage()[/b]), e);
         }
      }
      else
      {
         outcome = null;
         Utils.addErrorMessage(Application.getMessage(FacesContext.getCurrentInstance(),
               ERROR_PASSWORD_MATCH));
      }
     
      return outcome;
   }

The problem is that the web client receives the horrible stack trace coming from the repository service (cf. tags in code portions above).
It lacks a good translation of this "human error" message.
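
An added example (not part of the original post and not Alfresco's code) contrasting the pattern quoted above with a variant that keeps the stack trace in the server log and gives the client only a short message with a reference id. The class `AuthErrorDemo`, its nested `AuthenticationException`, `providerAuthenticate` and the reference id scheme are hypothetical stand-ins for the Alfresco and Acegi types.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class AuthErrorDemo {
    private static final Logger LOG = Logger.getLogger("auth");

    // Hypothetical stand-in for the repository's serializable AuthenticationException.
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String msg) { super(msg); }
    }

    // Hypothetical stand-in for the provider call that rejects a wrong password.
    static void providerAuthenticate(String user, char[] password) {
        throw new IllegalStateException("Bad credentials presented");
    }

    // Pattern from the post: the whole stack trace becomes the exception message.
    static void authenticateLeaky(String user, char[] password) {
        try {
            providerAuthenticate(user, password);
        } catch (RuntimeException ae) {
            StringWriter sw = new StringWriter();
            ae.printStackTrace(new PrintWriter(sw, true));
            throw new AuthenticationException(sw.toString());
        }
    }

    // Variant: trace stays in the server log under a reference id; client gets a short string.
    static void authenticateSafe(String user, char[] password) {
        try {
            providerAuthenticate(user, password);
        } catch (RuntimeException ae) {
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.WARNING, "Authentication failed, ref=" + ref, ae);
            throw new AuthenticationException("Authentication failed (ref " + ref + ")");
        }
    }

    public static void main(String[] args) {
        char[] pw = "wrong-old-password".toCharArray(); // constructed sample input
        try { authenticateLeaky("demo", pw); }
        catch (AuthenticationException e) { System.out.println(e.getMessage().length() + " chars sent to client"); }
        try { authenticateSafe("demo", pw); }
        catch (AuthenticationException e) { System.out.println(e.getMessage()); }
    }
}
```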
