
Changing the User Password

Use

The SAP J2EE Engine provides a built-in mechanism for prompting a user to change his or her password upon application login. This mechanism can be used in cases when application users are created centrally (for example, a system administrator creates users in the central user store) and they must change the default password that was assigned by the system administrator.

Features

The password change takes place as part of the authentication process (the first time the user attempts to log in to the application). The appropriate login module uses com.sap.engine.lib.security.PasswordChangeCallback and sends it to the handle() method of the CallbackHandler class to get the new password information. Therefore, if you develop your own login module from scratch, your code must send the PasswordChangeCallback to the CallbackHandler. If you develop your own login module by enhancing one of the existing template login modules provided with the SAP J2EE Engine, you do not have to handle this situation yourself, since the template does it for you.
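The following sketch shows the callback flow described above for a login module written from scratch. It is an added example, not SAP's code: NewPasswordCallback is a hypothetical stand-in for com.sap.engine.lib.security.PasswordChangeCallback (whose constructor and accessors are not shown on this page), and the class names, handlers and sample password are constructed for illustration.

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import java.util.Map;
public class PasswordChangeDemo {
    // Hypothetical stand-in for com.sap.engine.lib.security.PasswordChangeCallback;
    // the real class's constructor and accessors are not shown on this page.
    static class NewPasswordCallback implements Callback {
        private char[] value;
        void setNewPassword(char[] p) { value = (p == null) ? null : p.clone(); }
        char[] getNewPassword() { return value; }
    }
    // Assumes the user is already verified and still holds the initial password.
    static class InitialPasswordLoginModule implements LoginModule {
        private CallbackHandler handler;
        private char[] accepted;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NewPasswordCallback cb = new NewPasswordCallback();
            try {
                handler.handle(new Callback[] { cb }); // ask the caller for the new password
            } catch (Exception e) {
                throw new LoginException("Password change callback failed: " + e.getMessage());
            }
            char[] pw = cb.getNewPassword();
            if (pw == null || pw.length == 0) { // no new password: the request must not proceed
                throw new LoginException("Password change required; login refused");
            }
            accepted = pw; // a real module would persist this through the user store
            return true;
        }
        public boolean commit() { return accepted != null; }
        public boolean abort() { return logout(); }
        public boolean logout() { accepted = null; return true; }
    }
    public static void main(String[] args) {
        // Constructed handlers: one supplies a (constructed) new password, one supplies none.
        CallbackHandler supplies = cbs -> ((NewPasswordCallback) cbs[0]).setNewPassword("constructed-New-pw1".toCharArray());
        CallbackHandler declines = cbs -> { };
        for (CallbackHandler h : new CallbackHandler[] { supplies, declines }) {
            LoginModule m = new InitialPasswordLoginModule();
            m.initialize(new Subject(), h, Map.<String, Object>of(), Map.<String, Object>of());
            try { System.out.println("login ok: " + m.login()); }
            catch (LoginException e) { System.out.println("login refused: " + e.getMessage()); }
        }
    }
}
```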

When the password change takes place while the user authenticates to a Web application, the Web Container provides a default servlet that generates the form in which the user must enter his or her new password. If the new password is entered correctly, the Web Container changes it and lets the user proceed with the application. If the user does not provide a new password, he or she is not allowed to proceed with the request to the application.

For more information about the default servlet providing the password change page and the way it is invoked, see PasswordChangeForm Servlet.

Providing Custom Password Change Forms

You can provide a custom password change page with your Web application. To do this, you must develop the resource that generates this page (a servlet, a JSP, or a plain HTML page) and declare and configure it in the web.xml and web-j2ee-engine.xml deployment descriptors of your application. For more information about this procedure, see Declaring and Configuring Web Components and Configuring Authentication.

 
