I am using form base authentication with web.xml security constraints.
It works fine in that if you enter the correct username and password you get
in.
What I want to do is provide feedback to the user for certain conditions,
such as password is expired and they can not login or about to expire and
take them to the change password page.
The password expire feature is done by tracking how long it has been since
they changed it.
Is there an easy way to make some extra checks and then control which page
is shown after authentication or failed authentication?
I am starting down the path of rewriting FormAuthenticator. The problem
with this is that all my web apps must conform to this same approach.
Prior to using the web.xml to enforce security my login servlet would make
these checks and then redirect to the correct page.
Thanks
