
  • Password Expiration


    I'm trying to extend my app to support expiring of passwords. It seems the most clear-cut way is to throw a CredentialsExpiredException from my AuthenticationManager and then catch the exception somewhere down the line and then redirect the user to the appropriate page.

    If you're using a SecurityEnforcementFilter, then when it gets an AuthenticationException it just forwards to an AuthenticationEntryPoint. So you have no way of modifying this behavior based on what type of exception it was.

    My question is two-fold. First, is there a better way to implement this kind of feature, other than throwing an exception in the AuthenticationManager and then trying to somehow do something with it in the AuthenticationEntryPoint?

    If it is the best way, then are there any plans to enhance the AuthenticationEntryPoint system so that you can have more fine-grained control over the behavior for different types of exceptions?



  • #2
    We just changed AuthenticationEntryPoint's contract so it passes the AuthenticationException in. So that should provide the sort of support you need.

    Alternatively, you could subclass your AbstractProcessingFilter. It provides an onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) method which could be used to do what you're talking about.
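
The exception-aware entry point described in reply #2, sketched as an added example that is not part of the thread and not the framework's own code. The exception classes, the `EntryPoint` interface and the page paths are self-contained stand-ins (assumptions) so the dispatch logic runs without the security library or a servlet container.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ExpiryAwareEntryPointDemo {
    // Stand-ins (assumptions) for the framework's exception hierarchy.
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String msg) { super(msg); }
    }
    static class CredentialsExpiredException extends AuthenticationException {
        CredentialsExpiredException(String msg) { super(msg); }
    }
    static class BadCredentialsException extends AuthenticationException {
        BadCredentialsException(String msg) { super(msg); }
    }

    // Stand-in for the changed contract: the exception is handed to the entry point.
    interface EntryPoint {
        String commence(String requestedUrl, AuthenticationException failure);
    }

    // Picks a redirect target from the exception type; first matching mapping wins.
    static class ExceptionMappingEntryPoint implements EntryPoint {
        private final Map<Class<? extends AuthenticationException>, String> targets =
                new LinkedHashMap<>();
        private final String defaultTarget;

        ExceptionMappingEntryPoint(String defaultTarget) { this.defaultTarget = defaultTarget; }

        ExceptionMappingEntryPoint map(Class<? extends AuthenticationException> type, String url) {
            targets.put(type, url);
            return this;
        }

        @Override
        public String commence(String requestedUrl, AuthenticationException failure) {
            // requestedUrl is deliberately not used to build the target: every
            // destination is a fixed, server-configured path, never request data.
            for (Map.Entry<Class<? extends AuthenticationException>, String> e : targets.entrySet()) {
                if (e.getKey().isInstance(failure)) return e.getValue();
            }
            return defaultTarget; // any other failure goes to the normal login page
        }
    }

    public static void main(String[] args) {
        EntryPoint ep = new ExceptionMappingEntryPoint("/login.jsp")              // constructed paths
                .map(CredentialsExpiredException.class, "/changePassword.jsp");
        System.out.println(ep.commence("/secure/report", new CredentialsExpiredException("expired")));
        System.out.println(ep.commence("/secure/report", new BadCredentialsException("bad password")));
    }
}
```

A user sent to the change-password page this way is still unauthenticated, so that page has to verify the old password itself before accepting a new one.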