Hello there! I'm using j_security_check + a Custom LoginModule to implement web security (in our SRS we don't need bean method level security). Well for a given scenario (user tries to login and enter an invalid userName/password) it's working just fine, since I throw a LoginException. My question is, I have another scenarios:
Password expired User deactivated
Each one should redirect to a diferent page. Since j_security_check always sends the user to the first page requested, or the default error page, how can one accomplish that?
from what i know, j_security_check is strictly thumbs-up/thumbs-down, you logged in successfully or you didn't. there is nothing in it to handle explaining why you didn't.
so you are looking at a custom implementation, where you handle the entire login process yourself. some app-servers (jboss is the one i have in mind) could let you drop in a plugin and keep the j2ee login, but that's obviously app-server-specific