Two Laptop Bag
The moose likes Java in General and the fly likes j_security_check + LoginModule Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "j_security_check + LoginModule" Watch "j_security_check + LoginModule" New topic

j_security_check + LoginModule

Vinicius Carvalho
Ranch Hand

Joined: Dec 07, 2004
Posts: 61
Hello there! I'm using j_security_check + a Custom LoginModule to implement web security (in our SRS we don't need bean method level security). Well for a given scenario (user tries to login and enter an invalid userName/password) it's working just fine, since I throw a LoginException. My question is, I have another scenarios:

Password expired
User deactivated

Each one should redirect to a diferent page. Since j_security_check always sends the user to the first page requested, or the default error page, how can one accomplish that?

Thanks a lot

Vinicius Carvalho
john guthrie
Ranch Hand

Joined: Aug 05, 2002
Posts: 124
from what i know, j_security_check is strictly thumbs-up/thumbs-down, you logged in successfully or you didn't. there is nothing in it to handle explaining why you didn't.

so you are looking at a custom implementation, where you handle the entire login process yourself. some app-servers (jboss is the one i have in mind) could let you drop in a plugin and keep the j2ee login, but that's obviously app-server-specific
I agree. Here's the link:
subject: j_security_check + LoginModule
It's not a secret anymore!