Stephen,

Stephen More wrote:
> On 8/21/07, Christopher Schultz <[EMAIL PROTECTED]> wrote:
>> Stephen More wrote:
>>> Has anyone written or know of a JDBCRealm that supports an expired password
>>> ?
>> Do you mean that you want expired-password-users to be forced to change
>> their password before doing anything else?
>
> Yes, this is exactly what I am looking for: "I want
> expired-password-users to be forced to change their password before
> doing anything else."
>
> Does such a Realm/project exist ?

I have done something like this using a (relatively) simple filter. It does several things:

1. Checks to see if the Session exists and has a Principal.
2. Checks to see if the Session contains my "User" object. If not, it loads the User object and performs the "real" login (as opposed to the basic authentication provided by the container).
3. Checks to see what the user's "status" is. If the user is in the "must change password" state, I send them to the "change password" screen.

There are also checks to allow certain pages (like help pages) to be accessed even when the password has not been successfully changed, and, obviously, checks to make sure that we don't get into an endless loop attempting to serve the "change password" page.

-chris
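
The three checks described in the message above, sketched as a servlet filter. This is an added example, not the poster's code: it assumes the javax.servlet API, and the User and UserLoader types, the "user" and "userLoader" attribute names and the two paths are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. User, UserLoader, the attribute names and the paths are hypothetical.
public class PasswordExpiryFilter implements Filter {
    public interface User { boolean mustChangePassword(); }
    public interface UserLoader { User load(String loginName); }

    private static final String CHANGE_PASSWORD = "/account/change-password";
    private UserLoader loader;

    // Assumption: a ServletContextListener stored the loader before filters are initialised.
    @Override public void init(FilterConfig cfg) {
        loader = (UserLoader) cfg.getServletContext().getAttribute("userLoader");
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        Principal principal = req.getUserPrincipal();
        if (principal == null) {   // 1. no container login yet: leave it to the container
            chain.doFilter(rq, rs);
            return;
        }
        HttpSession session = req.getSession();
        User user = (User) session.getAttribute("user");
        if (user == null) {        // 2. load the application's User once per session
            user = loader.load(principal.getName());
            if (user == null) { res.sendError(HttpServletResponse.SC_FORBIDDEN); return; }
            session.setAttribute("user", user);
        }
        if (user.mustChangePassword() && !isExempt(req)) {   // 3. everything else is blocked
            res.sendRedirect(req.getContextPath() + CHANGE_PASSWORD);
            return;
        }
        chain.doFilter(rq, rs);
    }

    // Exempt pages are matched on the container-decoded path, not the raw request URI.
    // Exempting the change-password page itself is what prevents the redirect loop.
    static boolean isExempt(HttpServletRequest req) {
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);
        return path.equals(CHANGE_PASSWORD) || path.startsWith("/help/");
    }
    @Override public void destroy() { }
}
```

The change-password handler has to update or replace the cached session User once the change succeeds, otherwise the redirect persists for the rest of the session.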