
  • Change Expired Credentials at Login

    I am using Spring Security 3.1 and having some difficulty trying to implement forcing user credentials to be changed during their login.

    It is probably worth noting that I am using an extended UsernamePasswordAuthenticationFilter class so that I can pass an additional language dropdown value during authentication to set the application's requested locale after authentication finishes.

    Could someone illustrate where I should place such code to support this business case with Spring Security 3.1?

  • #2
    I would create a custom filter that checks to see if the password needs to be changed and, if it does, sends the user to the change password page.


    • #3
      1) Check for credentials expired in UserDetailsService and add a role CHANGE_PASSWORD.

      2) Create your own AuthenticationSuccessHandler and check for the role; if the role CHANGE_PASSWORD is present, redirect to the change password screen.

      3) In the change password controller, after changing the password, create a UsernamePasswordAuthenticationToken and set authenticated to false, which will reload authorities again.

      Less code and more elegant way.

      SecurityContextHolder.getContext().getAuthentication().setAuthenticated(false);
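
Step 2 of reply #3 as an added example (not code posted in this thread): a success handler for Spring Security 3.1 that redirects a user holding the CHANGE_PASSWORD authority. The class name and the /changePassword URL are assumptions; the authority name comes from the reply.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

/**
 * Added example, not from the thread. Sends users who hold the
 * CHANGE_PASSWORD authority to the change-password page after login.
 */
public class PasswordExpiryAwareSuccessHandler
        extends SavedRequestAwareAuthenticationSuccessHandler {

    // Authority name taken from reply #3; the URL is an assumed placeholder.
    static final String CHANGE_PASSWORD = "CHANGE_PASSWORD";
    private String changePasswordUrl = "/changePassword";

    public void setChangePasswordUrl(String url) {
        this.changePasswordUrl = url;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        if (mustChangePassword(authentication)) {
            // Skip the saved request: following it would bypass the password change.
            getRedirectStrategy().sendRedirect(request, response, changePasswordUrl);
            return;
        }
        // Normal case: default behaviour (saved request or default target URL).
        super.onAuthenticationSuccess(request, response, authentication);
    }

    // True when the authenticated principal carries the CHANGE_PASSWORD authority.
    static boolean mustChangePassword(Authentication authentication) {
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            if (CHANGE_PASSWORD.equals(authority.getAuthority())) {
                return true;
            }
        }
        return false;
    }
}
```

The handler can be set on the extended UsernamePasswordAuthenticationFilter with setAuthenticationSuccessHandler. The redirect alone does not enforce anything: the URL access rules also have to keep a session that still holds CHANGE_PASSWORD away from every page except the change-password one.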