1 Reply Latest reply on Jul 9, 2012 9:51 AM by apph_ apph_

    JBoss Login Module parameter after login process

    apph_ apph_ Newbie



      I have a question, if there is an option to pass some parameters with the request, after successful login process. I have a custom login module and it works fine.

      This module extends UsernamePasswordLoginModule class and uses current request object with the following code:


          protected boolean validatePassword(String inputPassword, String expectedPassword) {
              boolean result = false;
              try {
                        HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
                        String response = userService.checkOperator(username, password);
                      if (RESULT_OK.equals(response)) {
                            // everything should be fine, log the user
                            result = true;
                      } else if (PWD_TIMEOUT.equals(response)) {
                              request.setAttribute("timeout", true);
                              result = true;
                      } else {
                            request.setAttribute("responseCode", response);
                            result = false;
                  } catch (Exception e) {
                      log.error("Error occurred when invoking UserService!", e);
                  return result;



      Now, in the JSP page, I would like to decide what should I do next (based on the presence of the 'timeout' parameter): just log in the user, or present him a page, to change the password.

      This request is probably not too helpful, because it is the request, that is originally triggered when user tries to log in to the site. In the validatePassword I am making decision, if the user should be logged in or not. Probably after that, there is another request to display page after the login process, because even if I put some parameters to that request, they are not present after login process.


      What I would like to have is to redirect the user, for example to PasswordChange page if his password has expired, and not to the normal Index page. I want it to be in the secure context also... How this can be done?


      I am using JBoss 5.1 EAP.