hmm yeah that might work. however, the user has the option of continuing using the system without updating the password. i think it would then break the logic, since subsequent login will also throw the ExpiredPasswordException.
do you have any other idea how to solve this problem? btw, is it confirmed that we cannot retrieve the AuthenticationInfo from a Subject? -- View this message in context: http://shiro-user.582556.n2.nabble.com/Get-AuthenticationInfo-From-Subject-tp5003710p5006311.html Sent from the Shiro User mailing list archive at Nabble.com.
