Merge pull request #1170 from stormpath/issue/1138

Issue/1138

Author: dogeared

examples/servlet/pom.xml

@@ -116,10 +116,10 @@
                 <configuration>
                     <skip>${skipITs}</skip>
                     <container>
-                        <containerId>tomcat7x</containerId>
+                        <containerId>tomcat8x</containerId>
                         <zipUrlInstaller>
                             <url>
-                                http://repo1.maven.org/maven2/org/apache/tomcat/tomcat/7.0.69/tomcat-7.0.69.zip
+                                http://repo1.maven.org/maven2/org/apache/tomcat/tomcat/8.5.9/tomcat-8.5.9.zip
                             </url>
                         </zipUrlInstaller>
                     </container>

examples/spring-security-spring-boot-webmvc-bare-bones/pom.xml

@@ -38,7 +38,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <slf4j.version>1.7.21</slf4j.version>
         <spring.boot.version>1.4.0.RELEASE</spring.boot.version>
-        <tomcat.version>7.0.59</tomcat.version>
+        <tomcat.version>8.5.9</tomcat.version>
     </properties>
 
     <dependencies>

examples/spring-security-spring-boot-webmvc/pom.xml

@@ -39,7 +39,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <slf4j.version>1.7.21</slf4j.version>
         <spring.boot.version>1.4.0.RELEASE</spring.boot.version>
-        <tomcat.version>7.0.59</tomcat.version>
+        <tomcat.version>8.5.9</tomcat.version>
     </properties>
 
     <dependencies>

examples/spring-security-webmvc/pom.xml

@@ -41,7 +41,7 @@
         <slf4j.version>1.7.21</slf4j.version>
         <spring.version>4.3.2.RELEASE</spring.version>
         <spring.security.version>4.1.2.RELEASE</spring.security.version>
-        <tomcat.version>7.0.59</tomcat.version>
+        <tomcat.version>8.5.9</tomcat.version>
     </properties>
 
     <dependencies>
@@ -189,38 +189,44 @@
                         </executions>
                     </plugin>
                     <plugin>
-                        <groupId>org.mortbay.jetty</groupId>
-                        <artifactId>jetty-maven-plugin</artifactId>
-                        <version>8.1.16.v20140903</version>
-
-                        <!-- https://github.com/stormpath/stormpath-sdk-java/issues/270 -->
-                        <!-- When dropping Java 1.6 support, we can switch to jetty-maven-plugin 9.3.7.v20160115 -->
-                        <!--<groupId>org.eclipse.jetty</groupId>-->
-                        <!--<artifactId>jetty-maven-plugin</artifactId>-->
-                        <!--<version>9.3.7.v20160115</version>-->
-
+                        <groupId>org.codehaus.cargo</groupId>
+                        <artifactId>cargo-maven2-plugin</artifactId>
+                        <version>1.4.18</version>
                         <configuration>
-                            <scanIntervalSeconds>30</scanIntervalSeconds>
-
-                            <stopPort>8081</stopPort>
-                            <stopKey>STOP</stopKey>
-                            <daemon>true</daemon>
-                            <webApp>
-                                <contextPath>/</contextPath>
-                            </webApp>
+                            <skip>${skipITs}</skip>
+                            <container>
+                                <containerId>tomcat8x</containerId>
+                                <zipUrlInstaller>
+                                    <url>
+                                        http://repo1.maven.org/maven2/org/apache/tomcat/tomcat/8.5.9/tomcat-8.5.9.zip
+                                    </url>
+                                </zipUrlInstaller>
+                            </container>
+                            <deployables>
+                                <deployable>
+                                    <groupId>com.stormpath.spring</groupId>
+                                    <artifactId>stormpath-sdk-examples-spring-security-webmvc</artifactId>
+                                    <properties>
+                                        <context>/</context>
+                                    </properties>
+                                </deployable>
+                            </deployables>
+                            <configuration>
+                                <properties>
+                                    <cargo.tomcat.ajp.port>8010</cargo.tomcat.ajp.port>
+                                </properties>
+                            </configuration>
                         </configuration>
                         <executions>
                             <execution>
-                                <id>start-jetty</id>
+                                <id>start-server</id>
                                 <phase>pre-integration-test</phase>
                                 <goals>
-                                    <!-- stop any previous instance to free up the port -->
-                                    <goal>stop</goal>
                                     <goal>start</goal>
                                 </goals>
                             </execution>
                             <execution>
-                                <id>stop-jetty</id>
+                                <id>stop-server</id>
                                 <phase>post-integration-test</phase>
                                 <goals>
                                     <goal>stop</goal>

extensions/servlet/src/main/java/com/stormpath/sdk/servlet/mvc/ChangePasswordController.java

@@ -27,9 +27,13 @@
 import com.stormpath.sdk.servlet.form.Form;
 import com.stormpath.sdk.servlet.http.MediaType;
 import com.stormpath.sdk.servlet.http.Saver;
+import org.apache.http.HttpStatus;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -41,6 +45,8 @@
  */
 public class ChangePasswordController extends FormController {
 
+    private static final Logger log = LoggerFactory.getLogger(ChangePasswordController.class);
+
     private String forgotPasswordUri;
     private String loginUri;
     private String loginNextUri;
@@ -212,7 +218,7 @@ protected ViewModel onValidSubmit(HttpServletRequest request, HttpServletRespons
         String sptoken = form.getFieldValue("sptoken");
 
         if (isJsonPreferred(request, response)) {
-            Map<String, Object> model = new HashMap<String, Object>();
+            Map<String, Object> model = new HashMap<>();
             try {
                 Account account = application.resetPassword(sptoken, password);
                 if (autoLogin) {
@@ -237,11 +243,22 @@ protected ViewModel onValidSubmit(HttpServletRequest request, HttpServletRespons
             if (autoLogin) {
                 final AuthenticationResult result = new TransientAuthenticationResult(account);
                 this.authenticationResultSaver.set(request, response, result);
-                next = loginNextUri;
+                next = this.loginNextUri;
             } else {
                 next = this.nextUri;
             }
+        } catch (ResourceException e) {
+            // 404 is invalid, expired or used sptoken
+            if (e.getCode() == HttpStatus.SC_NOT_FOUND) {
+                next = this.errorUri;
+            } else {
+                // resolves https://github.com/stormpath/stormpath-sdk-java/issues/1138
+                // TODO This breaks i18n. Fix when Stormpath backend returns specific password policy failure codes.
+                ErrorModel errorModel = errorModelFactory.toError(request, e);
+                next = getUri() + "?sptoken=" + sptoken + "&error=" + URLEncoder.encode(errorModel.getMessage(), "UTF-8");
+            }
         } catch (Exception e) {
+            log.error("Caught exception: {}. Redirecting to: {}", e.getMessage(), errorUri, e);
             next = errorUri;
         }
 

extensions/servlet/src/main/java/com/stormpath/sdk/servlet/mvc/FormController.java

@@ -30,11 +30,13 @@
 import com.stormpath.sdk.servlet.form.DefaultForm;
 import com.stormpath.sdk.servlet.form.Field;
 import com.stormpath.sdk.servlet.form.Form;
+import org.apache.http.HttpStatus;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -130,17 +132,23 @@ protected ViewModel doGet(HttpServletRequest request, HttpServletResponse respon
     @SuppressWarnings("unchecked")
     protected Map<String,?> createModel(HttpServletRequest request, HttpServletResponse response) {
         List<ErrorModel> errors = null;
-        // session null check fixes https://github.com/stormpath/stormpath-sdk-java/issues/908
-        if (request.getParameter("error") != null && request.getSession(false) != null) {
-            //The login page is being re-rendered after an unsuccessful authentication attempt from Spring Security
-            //Fix for https://github.com/stormpath/stormpath-sdk-java/issues/648
-            //See StormpathAuthenticationFailureHandler
+        if (request.getParameter("error") != null) {
             errors = new ArrayList<>();
-            ErrorModel error =
-                (ErrorModel) request.getSession(false).getAttribute(SPRING_SECURITY_AUTHENTICATION_FAILED_KEY);
-            if (error != null) {
-                errors.add(error);
+            ErrorModel error = null;
+            HttpSession session = request.getSession(false);
+            // session null check fixes https://github.com/stormpath/stormpath-sdk-java/issues/908
+            if (session != null && session.getAttribute(SPRING_SECURITY_AUTHENTICATION_FAILED_KEY) != null) {
+                //The login page is being re-rendered after an unsuccessful authentication attempt from Spring Security
+                //Fix for https://github.com/stormpath/stormpath-sdk-java/issues/648
+                //See StormpathAuthenticationFailureHandler
+                error = (ErrorModel) session.getAttribute(SPRING_SECURITY_AUTHENTICATION_FAILED_KEY);
+            } else {
+                //Fix for https://github.com/stormpath/stormpath-sdk-java/issues/1138
+                //TODO This breaks i18n. Fix when Stormpath backend returns specific password policy failure codes.
+                error = ErrorModel.builder()
+                    .setStatus(HttpStatus.SC_BAD_REQUEST).setMessage(request.getParameter("error")).build();
             }
+            errors.add(error);
         }
         return createModel(request, response, null, errors);
     }

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/pom.xml

@@ -27,10 +27,6 @@
     <name>Stormpath :: Spring :: Boot :: Spring Security :: Web MVC Starter</name>
     <description>Spring Boot WebMVC Starter for Stormpath with Spring Security</description>
 
-    <properties>
-        <tomcat.version>8.5.0</tomcat.version>
-    </properties>
-
     <dependencies>
 
         <dependency>
@@ -58,24 +54,6 @@
             <artifactId>stormpath-sdk-httpclient</artifactId>
             <scope>runtime</scope>
         </dependency>
-
-        <!--
-            We need to force Tomcat 7 for the ITs to run in Java 6.
-            Otherwise Tomcat 8.0.15 is used and it throws:
-            javax/servlet/ServletContext : Unsupported major.minor version 51.0
-        -->
-        <dependency>
-            <groupId>org.apache.tomcat.embed</groupId>
-            <artifactId>tomcat-embed-core</artifactId>
-            <version>${tomcat.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.tomcat.embed</groupId>
-            <artifactId>tomcat-embed-el</artifactId>
-            <version>${tomcat.version}</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>com.stormpath.spring</groupId>
             <artifactId>stormpath-spring</artifactId>

extensions/spring/boot/stormpath-webmvc-spring-boot-starter/pom.xml

@@ -27,10 +27,6 @@
     <name>Stormpath :: Spring :: Boot :: Web MVC</name>
     <description>Stormpath WebMVC Spring Boot Starter</description>
 
-    <properties>
-        <tomcat.version>7.0.59</tomcat.version>
-    </properties>
-
     <dependencies>
 
         <dependency>
@@ -75,23 +71,6 @@
             <artifactId>javax.servlet-api</artifactId>
         </dependency>
 
-        <!--
-            We need to force Tomcat 7 for the ITs to run in Java 6.
-            Otherwise Tomcat 8.0.15 is used and it throws:
-            javax/servlet/ServletContext : Unsupported major.minor version 51.0
-        -->
-        <dependency>
-            <groupId>org.apache.tomcat.embed</groupId>
-            <artifactId>tomcat-embed-core</artifactId>
-            <version>${tomcat.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.tomcat.embed</groupId>
-            <artifactId>tomcat-embed-el</artifactId>
-            <version>${tomcat.version}</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>com.stormpath.spring</groupId>
             <artifactId>stormpath-spring</artifactId>

extensions/spring/stormpath-spring-security-webmvc/pom.xml

@@ -27,6 +27,11 @@
     <name>Stormpath :: Spring :: Spring Security :: Web MVC</name>
     <description>Web MVC support for Stormpath-enabled Spring Security applications.</description>
 
+    <properties>
+        <restassured.version>2.9.0</restassured.version>
+        <jsoup.version>1.9.2</jsoup.version>
+    </properties>
+
     <dependencies>
 
         <!-- Required dependencies: -->
@@ -92,6 +97,24 @@
             <artifactId>hamcrest-core</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.jayway.restassured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <version>${restassured.version}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.jsoup</groupId>
+            <artifactId>jsoup</artifactId>
+            <version>${jsoup.version}</version>
+        </dependency>
+
 
     </dependencies>