ya, it was a bit vague... I'm using declarative security for my webapp. I'm using form based authentication and I have a standard login page that posts to j_security_check.
I need to administratively force the user to change their password on next login. I was hoping to handle this by writing my own implementation of the servlet that handles the j_security_check request. It would check the for a flag and forward on to a different page to force the password reset and once complete forward on to the originally request destination. I couldn't find any info about how to do this in the jboss or tomcat docs, hence the post. Then I realized that a user could get around the forced password change if they changed the url, which lead me to believe that I need to put a check on the top of every page, which i didn't really like. But it sounds unavoidable (based on the other reply). thanks. ..peter -----Original Message----- From: Starsinic, Frank [mailto:[EMAIL PROTECTED]] Sent: Monday, June 10, 2002 7:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [JBoss-user] (no subject) i think you need to be more specific but i've done this in several applications. to redirect the user you can do ... response.sendRedirect("http://whoosywhattttsa.com/a.jsp"); i think this is what you're looking for. if not, let me know. frank -----Original Message----- From: Peter Luttrell [mailto:[EMAIL PROTECTED]] Sent: Monday, June 10, 2002 4:34 PM To: [EMAIL PROTECTED] Subject: [JBoss-user] (no subject) I have a secure webapp that uses form based authentication. After a successfull login I need to check a flag and then potentially forward to a special page where the user is forced to change their password. Does anybody know how to do this? thanks. ...peter _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm? source=osdntextlink _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user