Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

j_security_check + LoginModule

 
Vinicius Carvalho
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello there! I'm using j_security_check + a Custom LoginModule to implement web security (in our SRS we don't need bean method level security). Well for a given scenario (user tries to login and enter an invalid userName/password) it's working just fine, since I throw a LoginException. My question is, I have another scenarios:

Password expired
User deactivated

Each one should redirect to a diferent page. Since j_security_check always sends the user to the first page requested, or the default error page, how can one accomplish that?

Thanks a lot

Vinicius Carvalho
 
john guthrie
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
from what i know, j_security_check is strictly thumbs-up/thumbs-down, you logged in successfully or you didn't. there is nothing in it to handle explaining why you didn't.

so you are looking at a custom implementation, where you handle the entire login process yourself. some app-servers (jboss is the one i have in mind) could let you drop in a plugin and keep the j2ee login, but that's obviously app-server-specific
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic