Fix broken change password

[lgpl/argeo-commons.git] / org.argeo.security.jackrabbit / src / org / argeo / security / jackrabbit / JackrabbitUserAdminService.java

diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java
index d5ef2ff174a17d1078ac44350e0968dfca6f2d7f..7835f1c8f1c17c10aea4daa2814e6989d209bffb 100644 (file)
--- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java
+++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java
@@ -160,13 +160,11 @@ public class JackrabbitUserAdminService implements UserAdminService,
        public void changePassword(String oldPassword, String newPassword) {
                Authentication authentication = SecurityContextHolder.getContext()
                                .getAuthentication();
+               String username = authentication.getName();
                try {
-                       SimpleCredentials sp = new SimpleCredentials(
-                                       authentication.getName(),
-                                       ((UserDetails) authentication.getDetails()).getPassword()
-                                                       .toCharArray());
-                       User user = (User) getUserManager().getAuthorizable(
-                                       authentication.getName());
+                       SimpleCredentials sp = new SimpleCredentials(username,
+                                       oldPassword.toCharArray());
+                       User user = (User) getUserManager().getAuthorizable(username);
                        CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user
                                        .getCredentials();
                        if (credentials.matches(sp))
@@ -175,7 +173,7 @@ public class JackrabbitUserAdminService implements UserAdminService,
                                throw new BadCredentialsException("Bad credentials provided");
                } catch (Exception e) {
                        throw new ArgeoException("Cannot change password for user "
-                                       + authentication.getName(), e);
+                                       + username, e);
                }
        }