3 Replies Latest reply on Apr 21, 2007 1:58 AM by Shane Bryzak

    Handling Expired Password Best Practice

    Dave Everson Newbie


      Our environment JBoss 4.0.5, Seam 1.2.1, Facelets

      As part of our login use case, we have a requirement that the user's password must be changed within a defined period.

      We attempted to implement this functionality by throwing an Exception in the Authenticator class:

      if (user.isPasswordChangeRequired()) {
       throw new ExpiredPasswordException("User must change password");

      In pages.xml, we added the following:

      <exception class="us.crimnet.exceptions.ExpiredPasswordException">
       <redirect view-id="/change_password.xhtml"/>

      When we test this, the exception is thrown. However, the user is not redirected to the change_password.xhtml page. Rather, they just remain on the log page with a message saying that the log in failed.

      How have others implemented similar use cases?