On Sat, May 24, 2014 at 2:47 AM, Sathya S <[email protected]> wrote:
> I am trying to enable a flow where users of a web site can reset their
> passwords when it has expired. I have enabled the maxAge configuration to
> make the password expire after 10 days. This works well and I get an expiry
> error. When I get this, I redirect the user to a change-password page where
> they need to enter the old and new passwords.
>
> I am now stuck at how to verify the old password! If I try to bind using
> the user's credentials, I get a password expiry error regardless of whether
> the password I provide is right or not. I know there is an Admin user - can
> I use it somehow to check the correctness of a user password even after it's
> expired so that I can then change it to the new one?
>

The way to do this is:

1. get the password from the user entry (search this as admin)
2. use the compareCredentials() method of the PasswordUtil class to verify the given credentials

> Thanks.
>

--
Kiran Ayyagari
http://keydap.com
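
The two steps from the reply, sketched with the Apache Directory LDAP API as an added example (not part of the original message). The host, port, admin DN, environment variable name, and the class and method names `ExpiredPasswordChange` / `changeExpiredPassword` are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.password.PasswordUtil;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class ExpiredPasswordChange {
    // Assumed deployment values; replace with your own.
    static final String HOST = "localhost";
    static final int PORT = 10389;
    static final String ADMIN_DN = "uid=admin,ou=system";

    /** Returns true only if oldPw matched the stored value and the password was replaced. */
    static boolean changeExpiredPassword(String adminPw, String userDn,
                                         String oldPw, String newPw) throws Exception {
        try (LdapConnection conn = new LdapNetworkConnection(HOST, PORT)) {
            // Bind as admin: the user's own bind fails because the password has expired.
            conn.bind(ADMIN_DN, adminPw);

            // Step 1: read the stored userPassword from the user entry.
            Entry entry = conn.lookup(userDn, "userPassword");
            Attribute stored = (entry == null) ? null : entry.get("userPassword");
            if (stored == null) {
                return false; // unknown user or no password: report it like a mismatch
            }

            // Step 2: compare the supplied old password with the stored value.
            boolean matches = PasswordUtil.compareCredentials(
                    oldPw.getBytes(StandardCharsets.UTF_8), stored.getBytes());
            if (!matches) {
                return false;
            }

            // Old password verified: replace it with the new one.
            conn.modify(userDn, new DefaultModification(
                    ModificationOperation.REPLACE_ATTRIBUTE, "userPassword",
                    newPw.getBytes(StandardCharsets.UTF_8)));
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ExpiredPasswordChange <userDn> <oldPw> <newPw>
        String adminPw = System.getenv("LDAP_ADMIN_PW"); // assumed variable name
        boolean changed = changeExpiredPassword(adminPw, args[0], args[1], args[2]);
        System.out.println(changed ? "password changed" : "old password rejected");
    }
}
```

Because the comparison happens in the application rather than through a bind, failed attempts here are not counted by the server's bind handling, so the change-password endpoint needs its own attempt limiting.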
