-
1. Re: Redirect user to page without being authenticated.
mikkus70 Dec 3, 2010 10:58 AM (in response to jidlafe.hegner)You cannot logout the user to change the password, because if you logout you will not have a way of determining who the user is (you loose the session context).
To do what you want (force the user to perform a mandatory action before proceeding), the simplest thing is to remove all authorizations to the user, intercept the org.jboss.seam.security.notAuthorized event and redirect the user to the page you want. This works specially well if you use the user permissions to enable and disable the menu links.
What I do is create a bogus role that grants access only to the change password page, and when the user logs in I grant him only that role. When the user completes the password change procedure, I reassign back his normal roles.
-
2. Re: Redirect user to page without being authenticated.
jidlafe.hegner Dec 3, 2010 11:08 AM (in response to jidlafe.hegner)Emir, thanks for the response.
I will try,Thanks, Jidlafe S. Hegner
-
3. Re: Redirect user to page without being authenticated.
jidlafe.hegner Dec 3, 2010 12:30 PM (in response to jidlafe.hegner)Actually I want a more elegant solution. I'll look some more and then post what you get.
Thanks,