Hello Neven Thanks for your reply. I didnt find anything about security filter in the tomcat docs, is this a common filter. important would be that the filter triggers only when users perform a j_security check, and not on every request.
should i use <filter-mapping>/j_security_check</filter-mapping> ? Cheers Stefan 2013/9/16 Neven Cvetkovic <neven.cvetko...@gmail.com> > > The problem: > > > > > > > > The user should have a password which should change after a time (eg one > > month). > > > > So how do i intercept a login request after j_security_check which > > redirects the user to a „change your password“ page before redirecting > him > > (as it usually would be), to the url he requested initially (of course > this > > should only happen when users password has expired)? > > > > > > > > Ist there a solution out of the box, and if not which classes should i > > investigate to impement a custom solution ? > > > > Stefan, I am not sure there exist such an out of box solution. > > I would probably rewrite a security filter and check for the "freshness" > of the password ... (have a timestamp attribute in database that stores > time when password was updated last) > > Great things about filters you can easily stack them, turn them on or off > ... and essentially separate the security (auditing, logging, etc..) > concerns... >