On Feb 11, 2008 10:03 PM, Rob Hills <[EMAIL PROTECTED]> wrote: > When I trace through the UserManagerImpl.save(User) method, I find that at > line 87, the code uses the dao to pull the user's old password from the DB to > compare it with the one that's just been posted to see if it's changed. The > problem I see here is that the password that comes back from the DB is the > one I typed in to the form - in plain text. Somehow it's been persisted to > the > DB prior to UserManagerImpl.save(User) being called.
Sorry, I can't help you but I've seen this problem some time ago. I looked into hibernate debug log and found that user object persisted after UserAction.java line 172: user.addRole(roleManager.getRole(roleName)); I tried to comment that line, and password was saved correctly. I hope someone will finally fix this :) -- Ernas M. Jamil --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
