I just find it hard to believe that there is no open-source
project/library to mange users that includes the above functionality.
Web server logins are dismal across the board, but its so easy to write
a filter so I think nobody bothered.
Peter
Stephen More wrote:
On 8/22/07, Christopher Schultz <[EMAIL PROTECTED]> wrote:
1. Checks to see if the Session exists and has a Principal.
2. Checks to see if the Session contains my "User" object.
If not, it loads the User object and performs the "real" login
(as opposed to the basic authentication provided by the container).
3. Checks to see what the user's "status" is.
If the user is in the "must change password" state, I send them
to the "change password" screen.
Using the default tomcat realms I see 2 possibilities:
1. use the JDBCRealm and create a SQL view for user_roles. If the user
has an expired password, then a role called "expiredPassword" should
exist as a row in this view.
2. use the JAASRealm, if the password is expired add the role "expiredPassword".
Both of these would require a Filter that checks for the existence of
the role "expiredPassword" and redirect as needed.
I just find it hard to believe that there is no open-source
project/library to mange users that includes the above functionality.
-Steve
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
