@Override public void process(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { errors.clear(); UpdatePasswordForm passwordForm = new UpdatePasswordForm(); String uri = request.getRequestURI(); int lastIndex = uri.lastIndexOf("/"); String action = uri.substring(lastIndex + 1); String userName = (String) request.getSession().getAttribute("password_user"); if (userName == null || userName.isEmpty()) { userName = request.getRemoteUser(); if (userName == null || userName.isEmpty()) userName = (String) request.getSession().getAttribute("userName"); } if (userName != null && !userName.isEmpty()) { if (action.equals("submitUpdatePassword")) { if (!vsp.checkUserPassword(userName, request.getParameter("current_password"))) { errors.add("Current User Password is invalid"); dispatchUrl = "updatePassword"; request.setAttribute("errors", errors); return; } } passwordForm.setUserName(userName); passwordForm.setPassword(request.getParameter("password")); passwordForm.setVerifyPassword(request.getParameter("verifyPassword")); FormValidator passwordValidator = FormValidatorFactory.getUpdatePasswordValidator(); List<String> errors = passwordValidator.validate(passwordForm); if (errors.isEmpty()) { try { vsp.updateUserPassword( passwordForm.getUserName(), passwordForm.getPassword(), passwordForm.getVerifyPassword()); request.setAttribute("passwordUpdate", "Password has been successfully changed"); if (request.isUserInRole("admin")) { List<String> traders; traders = vsp.getTraders(); if (traders.size() > 0) { request.setAttribute("traders", traders); } dispatchUrl = "/admin/Admin.jsp"; } else if (action.equals("submitResetPassword")) dispatchUrl = "login"; else if (action.equals("submitUpdatePassword")) dispatchUrl = "updatePassword"; } catch (SQLException | SqlRequestException | ValidationException e) { errors.add(e.getMessage()); request.setAttribute("errors", errors); if (action.equals("submitResetPassword")) { dispatchUrl = "Error.jsp"; } else if (action.equals("submitUpdatePassword")) { dispatchUrl = "updatePassword"; } } } else { request.setAttribute("errors", errors); if (request.isUserInRole("admin")) { dispatchUrl = "ResetUserPassword.jsp"; } else if (action.equals("submitResetPassword")) { dispatchUrl = "Error.jsp"; } else if (action.equals("submitUpdatePassword")) { dispatchUrl = "updatePassword"; } } } else { errors.add("Unknown user name"); if (action.equals("submitResetPassword")) { dispatchUrl = "Error.jsp"; } else if (action.equals("submitUpdatePassword")) { dispatchUrl = "updatePassword"; } } } catch (SQLException e) { errors.add("Error verifying user password: "******"Error.jsp"; request.setAttribute("errors", errors); } finally { request.getSession().removeAttribute("userName"); } }