> The problem: > > > > The user should have a password which should change after a time (eg one > month). > > So how do i intercept a login request after j_security_check which > redirects the user to a „change your password“ page before redirecting him > (as it usually would be), to the url he requested initially (of course this > should only happen when users password has expired)? > > > > Ist there a solution out of the box, and if not which classes should i > investigate to impement a custom solution ? >
Stefan, I am not sure there exist such an out of box solution. I would probably rewrite a security filter and check for the "freshness" of the password ... (have a timestamp attribute in database that stores time when password was updated last) Great things about filters you can easily stack them, turn them on or off ... and essentially separate the security (auditing, logging, etc..) concerns...
