diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/person/changepassword.post.desc.xml b/config/alfresco/templates/webscripts/org/alfresco/repository/person/changepassword.post.desc.xml
new file mode 100644
index 0000000000..48da7473fc
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/person/changepassword.post.desc.xml
@@ -0,0 +1,10 @@
+
+ Update User Password
+
+ Update the password of a current user - can only be executed for the current user or by an admin to update any user.
+
+ /api/person/changepassword/{userName}
+
+ user
+ required
+
\ No newline at end of file
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/person/changepassword.post.json.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/person/changepassword.post.json.ftl
new file mode 100644
index 0000000000..6ca79f76ea
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/person/changepassword.post.json.ftl
@@ -0,0 +1,3 @@
+{
+ success : "${success?string}"
+}
\ No newline at end of file
diff --git a/config/alfresco/web-scripts-application-context.xml b/config/alfresco/web-scripts-application-context.xml
index b41e9136a6..cec2581437 100644
--- a/config/alfresco/web-scripts-application-context.xml
+++ b/config/alfresco/web-scripts-application-context.xml
@@ -77,8 +77,6 @@
-
-
@@ -115,12 +113,11 @@
+
-
-
@@ -136,6 +133,7 @@
+
@@ -223,6 +221,8 @@
sitestore
+
+
@@ -276,7 +276,9 @@
-
+
+
+
@@ -329,10 +331,12 @@
-
-
-
-
+
+
+
+
+
+
@@ -345,6 +349,18 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/source/java/org/alfresco/repo/web/scripts/person/ChangePasswordPost.java b/source/java/org/alfresco/repo/web/scripts/person/ChangePasswordPost.java
new file mode 100644
index 0000000000..8fe18668cb
--- /dev/null
+++ b/source/java/org/alfresco/repo/web/scripts/person/ChangePasswordPost.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of
+ * the GPL, you may redistribute this Program in connection with Free/Libre
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's
+ * FLOSS exception. You should have recieved a copy of the text describing
+ * the FLOSS exception, and it is also available here:
+ * http://www.alfresco.com/legal/licensing
+ */
+package org.alfresco.repo.web.scripts.person;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.alfresco.repo.security.authentication.AuthenticationException;
+import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.util.Content;
+import org.alfresco.web.scripts.DeclarativeWebScript;
+import org.alfresco.web.scripts.Status;
+import org.alfresco.web.scripts.WebScriptException;
+import org.alfresco.web.scripts.WebScriptRequest;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+/**
+ * Webscript implementation for the POST method for 'changepassword' API.
+ *
+ * @author Kevin Roast
+ */
+public class ChangePasswordPost extends DeclarativeWebScript
+{
+ private AuthenticationService authenticationService;
+
+
+ /**
+ * @param authenticationService the AuthenticationService to set
+ */
+ public void setAuthenticationService(AuthenticationService authenticationService)
+ {
+ this.authenticationService = authenticationService;
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.Status)
+ */
+ @Override
+ protected Map executeImpl(WebScriptRequest req, Status status)
+ {
+ // Extract user name from the URL - cannot be null or webscript desc would not match
+ String userName = req.getExtensionPath();
+
+ // Extract old and new password details from JSON POST
+ Content c = req.getContent();
+ if (c == null)
+ {
+ throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
+ "Missing POST body.");
+ }
+ JSONObject json;
+ try
+ {
+ json = new JSONObject(c.getContent());
+
+ String oldPassword = json.getString("oldpw");
+ String newPassword = json.getString("newpw");
+
+ if (oldPassword == null || oldPassword.length() == 0)
+ {
+ throw new WebScriptException(Status.STATUS_BAD_REQUEST,
+ "Old password 'oldpw' is a required POST parameter.");
+ }
+ if (newPassword == null || newPassword.length() == 0)
+ {
+ throw new WebScriptException(Status.STATUS_BAD_REQUEST,
+ "New password 'newpw' is a required POST parameter.");
+ }
+
+ // update the password
+ authenticationService.updateAuthentication(userName, oldPassword.toCharArray(), newPassword.toCharArray());
+ }
+ catch (AuthenticationException err)
+ {
+ throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
+ "Do not have appropriate auth or wrong auth details provided.");
+ }
+ catch (JSONException jErr)
+ {
+ throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
+ "Unable to parse JSON POST body: " + jErr.getMessage());
+ }
+ catch (IOException ioErr)
+ {
+ throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
+ "Unable to retrieve POST body: " + ioErr.getMessage());
+ }
+
+ Map model = new HashMap(1, 1.0f);
+ model.put("success", Boolean.TRUE);
+ return model;
+ }
+}