Thanks Scott for the pointer to the Valve Wiki. This will likely work as well. I have also implemented a different solution that basically temporarily stores a user's "login messages" (password expiration warnings, locked accounts, etc.) collected in the extended LoginModule and subsequently displays them in a JSF PhaseListener. From a high level this is the same sort of solution that the valve would offer, except that it avoids my tight dependcy on Tomcat's Valve.
Of course, both solutions are entirely dependant upon an extension to the JBoss DatabaseLoginModule. It's suprising that the JAAS spec does not standardize a way of handling these sorts of additional security messages that many apps require. Are you aware of any additional work or extensions in this area? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3882251#3882251 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3882251 ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
