3 Replies Latest reply: Aug 19, 2013 4:04 AM by ramandeep singh - oracle RSS

    How to allow authenticated user to modify their password with validation




      We are using jdeveloper , and we have to allow authenticated user to modify their owm password.
      So we have implemented some methods :


      private IdentityStore getIdentityStore(){
      JpsContext jpsCtx = JpsContextFactory.getContextFactory().getContext();
      IdentityStoreService service = jpsCtx.getServiceInstance(IdentityStoreService.class);
      return service.getIdmStore();

      } catch (JpsException e){

      LOGGER.log(LOGGER.ERROR, e.getMessage(), e);
      return null;


      public void setPassword(String oldPassword, String newPassword) throws IMException{
      IdentityStore oidStore = getIdentityStore();
      String userName = ADFContext.getCurrent.getSecurityContext.getUserName();
      User user = oidStore.getUserManager().authenticateUser(userName, oldPassword.toCharArray());
      user.getUserProfile().setPassword(oldPassword.toCharArray(), newPassword.toCharArray());


      Then, end-users are able to change their password BUT it also seems that the password validation is not checked through the UserProfile.setPassword() method. And we don't want to skip the password policy.

      Example: we are able to change the password to a new password with a length of say 4 characters whearas the SystemPasswordValidator does not authorize/validate that.

      Do you have any idea how to achieve that without using a connection to weblogic server through t3 protocol(as it requires an Admin authentication => credential to store) ?