4 Replies Latest reply on Oct 16, 2012 4:24 AM by l.fugaro

JBossSX - JAAS - How to force change psw

rmazzola Mar 26, 2011 10:21 AM

I have an application using j2ee security (at web container using form authentication).

All works fine and I'm able also to write my own login module according to the Custom Login Module example.

I want force user to change own psw every 30 days..

I can check in the custom login when the user change own psw last time (because I can store it on db or ldap)... but..

I don't know how redirect the j_security_check to my change psw process instead of the original request...

Can someone help me ?

thanks

Roberto

1. Re: JBossSX - JAAS - How to force change psw

rmazzola Aug 27, 2011 2:49 AM (in response to rmazzola)

Hi
Nobody have experience or idea about it ?

Will Jboss 7 contains this feature ? also using a custom JAAS module ?
thanks
Actions
2. Re: JBossSX - JAAS - How to force change psw

wolfgangknauf Aug 29, 2011 10:15 AM (in response to rmazzola)

Hi,

you might achieve this behaviour by using a servlet filter and redirect to the "change password" page. See e.g. this for a small sample: http://viralpatel.net/blogs/2009/02/http-session-handling-tutorial-using-servlet-filters-session-error-filter-servlet-filter.html

Hope this helps

Wolfgang
Actions
3. Re: JBossSX - JAAS - How to force change psw

rmazzola Aug 29, 2011 11:35 AM (in response to wolfgangknauf)

Ty Wolfgang

But Filters doens't intercept the j_security_check special url (also using /* )

But probably I can use it as a starting point intercepting all other request and check it every time (maybe avoid do it every time keeping a boolean in the http session)

I believe this can be a great feature for JBOSS.
IBM Websphere and SAP Netweaver have it managed directly.

Ty

Roberto
Actions
4. Re: JBossSX - JAAS - How to force change psw

l.fugaro Oct 16, 2012 4:24 AM (in response to rmazzola)

Just an idea...
What about using a Valve?

Luigi
Actions