To use the password invalidation security feature, you need to define the ChangePassword view for your store.
ChangePassword
This view is displayed if a user's password has expired. It should provide the user with a form to enter the current (expired) password and a new password. The Submit button invokes the ResetPassword command. There should also be a Cancel button that redirects the user to another page, in most cases, the storefront page.
ChangePassword attributes
- ECConstants.EC_PASSWORD_EXPIRED_FLAG
  - 1
    - The user's password has expired. This attribute is required to distinguish this view from the view used for the password change feature, because the two are the same. The password change view can also be invoked by a user, and the JSP assigned to this view should be the same in both cases. The JSP should look for this attribute to decide what to display.
  - null
    - The attribute is not on the URL. This is normal password change behavior.
- ECUserConstants.EC_UREG_LOGONID
  - The current user logon ID.
- ECConstants.EC_LOGIN_RETURN_URL
  - The URL to which the browser is redirected after a successful password change. This URL will be passed to an action command under the name ECConstants.EC_URL.
ChangePassword form attributes
- ECUserConstants.EC_UREG_LOGONID
  - The logon ID of the user. The current logon ID has been passed in to the view.
- ECUserConstants.EC_UREG_LOGONPASSWORDOLD
  - The old password.
- ECUserConstants.EC_UREG_LOGONPASSWORD
  - The new password.
- ECUserConstants.EC_UREG_LOGONPASSWORDVERIFY
  - The new password verification.
- ECConstants.EC_URL
  - The URL where users are redirected after a successful password change. The value has been passed in to the view.
- ECUserConstants.EC_RELOGIN_URL
  - The URL where the browser is redirected if the password change is not successful.
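
The following JSP is an added example, not code from the product or its documentation. It shows one way a single page can serve both the expired-password case and the normal password change case while posting the form attributes listed above to ResetPassword. Assumptions: the two import package names, that the view attributes are readable as request parameters, the use of JSTL `c:out` for escaping, `ChangePassword` as the failure return target, and `STOREFRONT_URL_PLACEHOLDER` for the Cancel link.

```jsp
<%-- Added example: one JSP for both the expired-password and user-initiated cases. --%>
<%@ page import="com.ibm.commerce.server.ECConstants" %>
<%@ page import="com.ibm.commerce.usermanagement.commands.ECUserConstants" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%
  // Assumption: the view attributes are readable as request parameters.
  String flag = request.getParameter(ECConstants.EC_PASSWORD_EXPIRED_FLAG);
  pageContext.setAttribute("expired", Boolean.valueOf("1".equals(flag)));
  pageContext.setAttribute("logonId", request.getParameter(ECUserConstants.EC_UREG_LOGONID));
  pageContext.setAttribute("returnUrl", request.getParameter(ECConstants.EC_LOGIN_RETURN_URL));
  // Form field names are taken from the constants rather than hard-coded strings.
  pageContext.setAttribute("fId", ECUserConstants.EC_UREG_LOGONID);
  pageContext.setAttribute("fOld", ECUserConstants.EC_UREG_LOGONPASSWORDOLD);
  pageContext.setAttribute("fNew", ECUserConstants.EC_UREG_LOGONPASSWORD);
  pageContext.setAttribute("fVerify", ECUserConstants.EC_UREG_LOGONPASSWORDVERIFY);
  pageContext.setAttribute("fUrl", ECConstants.EC_URL);
  pageContext.setAttribute("fRelogin", ECUserConstants.EC_RELOGIN_URL);
%>
<c:choose>
  <c:when test="${expired}"><p>Your password has expired. Enter a new one to continue.</p></c:when>
  <c:otherwise><p>Change your password.</p></c:otherwise>
</c:choose>
<%-- POST keeps both passwords out of the URL, browser history and access logs. --%>
<form method="post" action="ResetPassword">
  <%-- c:out HTML-escapes the values that were passed in to the view. --%>
  <input type="hidden" name="<c:out value='${fId}'/>" value="<c:out value='${logonId}'/>" />
  <input type="hidden" name="<c:out value='${fUrl}'/>" value="<c:out value='${returnUrl}'/>" />
  <%-- Assumption: a failed change returns to this same view. --%>
  <input type="hidden" name="<c:out value='${fRelogin}'/>" value="ChangePassword" />
  <label>Current password
    <input type="password" name="<c:out value='${fOld}'/>" autocomplete="current-password" /></label>
  <label>New password
    <input type="password" name="<c:out value='${fNew}'/>" autocomplete="new-password" /></label>
  <label>Verify new password
    <input type="password" name="<c:out value='${fVerify}'/>" autocomplete="new-password" /></label>
  <input type="submit" value="Submit" />
  <%-- STOREFRONT_URL_PLACEHOLDER: replace with the storefront page of your store. --%>
  <a href="STOREFRONT_URL_PLACEHOLDER">Cancel</a>
</form>
```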