Hi! We use tapestry5-acegi for our app, but I'm not sure if this is a Tapestry or Acegi problem.
When setting forcePasswordChange=true in the database for a user, Acegi throws org.acegisecurity.CredentialsExpiredException (since our implementation of UserDetails.isCredentialsNonExpired() returns false). So far so good. Now the problem is that despite having the symbol "acegi.accessDenied.url" defined to "/loginrejected", no forwarding to this page occurs. I have verified that the AccessDeniedHandlerImpl has been injected with this value by removing the leading slash. (AccessDeniedHandlerImpl throws when errorPage does not start with '/') Instead, the user is redirected to the normal login page. Any ideas? Regards, Olle
