Forgotten Password

If you trying to understand how ‘Forgotten Password’ functionality works, then this article would be greatly beneficial to you. Specially, if your customer has asked you to send out two emails to two separate email addresses. This feature is not supported by any of the Oracle Self-service products, such as iStore, iSupport etc.

Forgotten Password in iStore comprises of two JSP files, viz

ibeCAcdPwdAssist.jsp

and

ibeCAcpPwdAssist.jsp

As you can see, the only difference in the names of these files are the letters ‘d’ and ‘p’. Digressing on this a bit, Oracle iStore has maintained the naming convention of calling all ‘Display’ related pages by adding a letter ‘d’ somewhere in its long, cryptic names and a letter ‘p’ is added to indicate that its a ‘Processing’ page.

ibeCACdPwdAssist.jsp displays the Username and Email Address fields and ibeCAcpPwdAssist.jsp processes this information based on very lengthy logic, as discussed below.

Search for the following line in ibeCAcpPwdAssist.jsp

email = resetPassword(username, email)

resetPassword is a method that resides in CustomUtil.java

One can decompile the class file residing in

$JAVA_TOP/oracle/apps/ibe/customer to know more about this code

resetPassword method calls the following methods, before sending out the Password to the user (using sendPassword method)

getPhoneAndEmail ==> has the following select statement

stringbuffer.append(“select email_address, phone_area_code, phone_number, “);
stringbuffer.append(“phone_extension, phone_line_type, priority_of_use_code, “);
stringbuffer.append(“contact_point_type from hz_contact_points “);
stringbuffer.append(“where owner_table_name = ‘HZ_PARTIES’ “);
stringbuffer.append(“and owner_table_id = :1 “);
stringbuffer.append(“and status = ‘A’ “);

From the above statement we can decipher that the primary email_address, where the password will be sent to, must be present in the hz_contact_points table.

If the email address returned is not the same as the email address entered by the user (on ibeCAcdPwdAssist.jsp) then an email is not sent out.

IBEUtil.getStoreSiteProfile ==> checks for the value in SIGNON_PASSWORD_LENGTH profile option

IBEUtil.generatePassword ==> Random password is generate equal to the length from the Profile option

SecurityManager.changeIdentity(s2, new CredentialImpl(s4)) ==> Use to the update the user’s password, where s2 is the username and s4 is the newly generated password

When all the above methods are successful, call the following method to send an email to the user

sendPassword

sendPassword method in turn calls

IBE_WORKFLOW_PVT.NotifyForgetLogin that triggers a notification using the iStore Alert Workflow

That’s a summary of what actually happens behind the scene. I had this opportunity to modify CustomUtil.java, to let the customer send out two emails to two different email addresses. After spending hours, and updating email addresses in various hz tables, I realized that there is something about IBE_WORKFLOW_PVT.NotifyForgetLogin that prevents us from sending an email to the alternate email address.

If you turn on the logging for iStore, I got the following errors in the IBE Java log file

14:44:0:788 [CustomerUtil.sendPassword] Exit
14:44:0:788 [CustomerUtil.resetPassword] new password is sent to user via email
14:44:0:788 [CustomerUtil.sendPassword] Enter
14:44:0:788 [CustomerUtil.send password] MAXLENGTH : 4000
14:44:0:788 [CustomerUtil.sendPassword] Call IBE_WORKFLOW.NotifyForgetLogin
14:44:0:796 [CustomerUtil.sendPassword] SQLException caught: ORA-20002: 3122: Duplicate item IBEALERT/FORGETLOGIN-032708154403-MFRIDRICH’ could not be created.
ORA-06512: at “APPS.IBE_WORKFLOW_PVT”, line 1744
ORA-06512: at line 1

14:44:0:796 [CustomerUtil.resetPassword] SQLException caught: ORA-20002: 3122: Duplicate item ‘IBEALERT/FORGETLOGIN-032708154403-MFRIDRICH’ could not be created.
ORA-06512: at “APPS.IBE_WORKFLOW_PVT”, line 1744
ORA-06512: at line 1

So, basically, this means that we cannot call the resetPassword twice with a different email address. They workflow process prevents us from doing this. One might thinking what is the solution to this issue. Come with your own Java mailer processing using the native java methods sending email to the local smtp host server.

This has been explained in detail in another article.