String key = request.getParameter("key");
UserEntity user = getDao().getUserDao().getByKey(key);
if (user == null || user.isDisabled()) {
RequestDispatcher dispatcher = getServletContext()
.getRequestDispatcher("/forgotPasswordFail.vm");
dispatcher.forward(request,response);
}
else {
user.setForgotPasswordKey(null);
getDao().getUserDao().save(user);
HttpSession session = request.getSession(true);