/** Changes a user's password. */ @Override @POST @ResourceMethodSignature(input = UserChangePasswordRequest.class) public Object post(Context context, Request request, Response response, Object payload) throws ResourceException { UserChangePasswordRequest changePasswordRequest = (UserChangePasswordRequest) payload; if (changePasswordRequest != null) { UserChangePasswordResource resource = changePasswordRequest.getData(); try { if (!isAnonymousUser(resource.getUserId(), request)) { getSecuritySystem().changePassword(resource.getUserId(), resource.getNewPassword()); response.setStatus(Status.SUCCESS_NO_CONTENT); } else { response.setStatus( Status.CLIENT_ERROR_BAD_REQUEST, "Anonymous user cannot change password!"); getLogger().debug("Anonymous user password change is blocked!"); } } catch (UserNotFoundException e) { getLogger().debug("Invalid user ID!", e); throw new ResourceException( Status.CLIENT_ERROR_BAD_REQUEST, "Invalid credentials supplied."); } catch (InvalidConfigurationException e) { // this should never happen getLogger().warn("Failed to set password!", e); throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Failed to set password!."); } } // don't return anything because the status is a 204 return null; }