My question is how to change the password for a user that is logged in to the system. It prints out that the new password changed successfully, but when I check it, the password remains the same and has not been changed. Is it because I use set.Password? Are there other ways? This code tries to retrieve the Employee using the username.
UPDATED : This question has been resolved by Alex's brilliant answer along with the other suggestions! Thank you all.
This is the method to invoke the remote controller
    private void doChangePassword() throws UserNameNotFoundException, EmployeeNotFoundException {
        Scanner scanner = new Scanner(System.in);
        System.out.println("*** Administration Panel :: Change Password ***\n");
        System.out.print("Enter username> ");
        String username = scanner.nextLine().trim();
        System.out.print("Enter current password> ");
        String currentPassword = scanner.nextLine().trim();
        System.out.print("Enter new password> ");
        String newPassword = scanner.nextLine().trim();
        System.out.print("Enter new password again> ");
        String reenterNewPassword = scanner.nextLine().trim();
        currentEmployee = employeeControllerRemote.retrievePasswordByUsername(username);
        if (currentPassword.equals(currentEmployee.getPassword())) {
            if (newPassword.equals(reenterNewPassword)) {
                currentEmployee.setPassword(newPassword);
                //Updated here
                employeeControllerRemote.updateNewPassword(currentEmployee);
                System.out.println("New Password changed successfully!\n");
            } else {
                System.out.println("New Password mismatched!\n");
            }
        }
        else {
            System.out.println("Wrong password, please try again later");
        }
    }
In another program, there is a stateless session bean called employeeController. This method is implemented in employeeControllerRemote and local as well.
    @Override
    public Employee retrievePasswordByUsername(String username) throws UserNameNotFoundException {
        Query query = em.createQuery("SELECT e FROM Employee e WHERE e.username = :inUsername", Employee.class);
        query.setParameter("inUsername", username);
        return (Employee) query.getSingleResult();
        //Changed it according to suggestions
    }
This is the new method that I created. I tried to use commit but it didn't work. I also tried to use persist and flush, but it says that it is a duplicate and there were illegal argument errors. The flush did not work as well, and the error code mentioned that there was nothing to flush. I created this new method and did not put it under the retrievePasswordByUsername method because I think that it should not be there, since it just retrieves it? So I created a new method below. It still does not work though.
    @Override
    public void updateNewPassword(Employee employee) {
        //em.getTransaction().begin();
        em.flush();
        //em.getTransaction().commit();
    }
Thank you all for your time! :)
You should not do the password updating in your doChangePassword() method, as it is on the client side. It cannot update anything in the database directly. It needs to do it via your stateless session bean.
So you should modify your method in the stateless session bean to do the update job.
    @Override
    public void updatePasswordByUsername(String username, String password) throws UserNameNotFoundException
    {
        Query query = em.createQuery("SELECT e FROM Employee e WHERE e.username = :inUsername");
        query.setParameter("inUsername", username);
        //query.getSingleResult();
        Employee employee = (Employee) query.getSingleResult();
        employee.setPassword(password);
        em.persist(employee);
    }
Then you call this method on your client side through the stateless session bean.
You may need to check the old password again in your stateless session bean in order to avoid attacks that bypass your client-side checking.
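
The server-side check described in the last sentence, as an added example that is not part of the original answer: the bean itself verifies the current password before changing it, so a caller that skips the client's comparison still cannot set a new password. `PasswordChangeBean`, its `@Remote` interface `PasswordChangeRemote` (declared in its own file with the same `changePassword` signature) and the checked exception `InvalidPasswordException` are hypothetical names; `Employee` and `UserNameNotFoundException` are the page's own types, assumed here to offer `getPassword()`/`setPassword()` and a `(String)` constructor respectively.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;

// Hypothetical bean; PasswordChangeRemote is an assumed @Remote interface.
@Stateless
public class PasswordChangeBean implements PasswordChangeRemote {

    @PersistenceContext
    private EntityManager em;

    @Override
    public void changePassword(String username, String currentPassword, String newPassword)
            throws UserNameNotFoundException, InvalidPasswordException {
        if (username == null || currentPassword == null
                || newPassword == null || newPassword.isEmpty()) {
            throw new InvalidPasswordException("Missing credentials");
        }

        Employee employee;
        try {
            TypedQuery<Employee> query = em.createQuery(
                    "SELECT e FROM Employee e WHERE e.username = :inUsername", Employee.class);
            query.setParameter("inUsername", username);
            employee = query.getSingleResult();
        } catch (NoResultException e) {
            // Assumes the page's exception has a (String) constructor.
            throw new UserNameNotFoundException("Unknown username");
        }

        // Server-side check: the client's own comparison cannot be trusted.
        // Compares the stored value as the page does (plain text), in constant time.
        String stored = employee.getPassword();
        if (stored == null || !MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                currentPassword.getBytes(StandardCharsets.UTF_8))) {
            throw new InvalidPasswordException("Current password is incorrect");
        }

        // employee is a managed entity inside the container-managed transaction,
        // so this change is written to the database when the method returns.
        employee.setPassword(newPassword);
    }
}
```

With this method the client sends the username and both passwords in one call and never receives the `Employee` entity or its stored password.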