@RequestMapping(value = "/Users/{userId}/password", method = RequestMethod.PUT) @ResponseBody public SimpleMessage changePassword( @PathVariable String userId, @RequestBody PasswordChangeRequest change) { checkPasswordChangeIsAllowed(userId, change.getOldPassword()); if (!dao.changePassword(userId, change.getOldPassword(), change.getPassword())) { throw new InvalidPasswordException("Password not changed for user: "******"ok", "password updated"); }