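/**
 * Changes the password of the user identified by {@code userId}.
 *
 * <p>When the authenticated caller is a public user, or when the command carries the
 * old-password parameter, the supplied old password is encoded for this user and must match
 * the stored value before the change proceeds. The new password is then taken from the
 * command, {@code generateKeyUsedForPasswordSalting} is called, and the re-encoded password
 * is saved and flushed.
 *
 * <p>NOTE(review): a non-public caller that omits the old-password parameter skips the
 * old-password check entirely, and this method never compares the authenticated user with
 * {@code userId}. Presumably the permission layer in front of this command decides who may
 * change another user's password; confirm that it does, because nothing here enforces it.
 *
 * @param userId id of the user whose password is changed
 * @param command request payload holding the new password and, optionally, the old one
 * @return a result carrying the id of the updated user
 * @throws ResourceNotFoundException if no user with {@code userId} exists
 * @throws GeneralPlatformRuleException if the old password is required but is missing or
 *     does not match the stored value
 */
@Override
@Transactional(readOnly = false)
public CommandProcessingResult updatePassword(Long userId, final JsonCommand command) {
    final User user = this.userRepository.findOne(userId);
    if (user == null) {
        throw new ResourceNotFoundException(
                "error.entity.user.not.found", "User with id " + userId + " not found", userId);
    }

    final boolean oldPasswordRequired = this.context.authenticatedUser().isPublicUser()
            || command.parameterExists(OldPasswordParamName);
    if (oldPasswordRequired) {
        final String oldPassword = command.stringValueOfParameterNamed(OldPasswordParamName);
        final String storedPassword = user.getPassword();
        // A missing old password or stored value counts as a failed check rather than
        // surfacing as a NullPointerException.
        final String encodedOldPassword = oldPassword == null
                ? null
                : this.applicationPasswordEncoder.encode(oldPassword, user);
        // Constant-time comparison: the time taken must not depend on how many leading
        // characters of the two encoded values agree. Fully qualified names are used so the
        // file's import block does not need to change.
        final boolean oldPasswordMatches = storedPassword != null
                && encodedOldPassword != null
                && java.security.MessageDigest.isEqual(
                        storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        encodedOldPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!oldPasswordMatches) {
            throw new GeneralPlatformRuleException(
                    "error.old.password.invalid", "Old Password is Incorrect");
        }
    }

    // Statement order is kept from the original: the new password is applied and the salting
    // key generated before encode(user) runs (presumably encode(user) reads both; verify).
    user.updatePasswordFromCommand(command);
    generateKeyUsedForPasswordSalting(user);
    final String encodePassword = this.applicationPasswordEncoder.encode(user);
    user.updatePassword(encodePassword);
    this.userRepository.saveAndFlush(user);

    return new CommandProcessingResultBuilder().withResourceIdAsString(user.getId()).build();
}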