On 8/22/07, Christopher Schultz <[EMAIL PROTECTED]> wrote:
> 1. Checks to see if the Session exists and has a Principal.
> 2. Checks to see if the Session contains my "User" object.
>    If not, it loads the User object and performs the "real" login
>    (as opposed to the basic authentication provided by the container).
> 3. Checks to see what the user's "status" is.
>    If the user is in the "must change password" state, I send them
>    to the "change password" screen.

Using the default Tomcat realms I see 2 possibilities:

1. Use the JDBCRealm and create a SQL view for user_roles. If the user has an expired password, then a role called "expiredPassword" should exist as a row in this view.
2. Use the JAASRealm; if the password is expired, add the role "expiredPassword".

Both of these would require a Filter that checks for the existence of the role "expiredPassword" and redirects as needed.

I just find it hard to believe that there is no open-source project/library to manage users that includes the above functionality.

-Steve
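
The Filter that both options above rely on, as an added example that is not part of the original message or of Tomcat itself. It assumes the `javax.servlet` API and a realm that supplies the "expiredPassword" role; the class name and the `/changePassword` and `/logout` paths are hypothetical.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

/** Confines users holding the "expiredPassword" role to the change-password page. */
public class ExpiredPasswordFilter implements Filter {

    // Role name from the thread; the JDBCRealm view or JAASRealm must supply it.
    private static final String EXPIRED_ROLE = "expiredPassword";
    // Hypothetical paths: adjust to the application's own servlet mappings.
    private static final String CHANGE_PAGE = "/changePassword";
    private static final Set<String> ALLOWED =
            new HashSet<String>(Arrays.asList(CHANGE_PAGE, "/logout"));

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getRemoteUser() is null until the container has authenticated the caller.
        boolean expired = request.getRemoteUser() != null
                && request.isUserInRole(EXPIRED_ROLE);

        // Compare the container-decoded path, not the raw request URI, so that
        // path parameters or encoding cannot make another URL look allowed.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }

        if (expired && !ALLOWED.contains(path)) {
            // Allow-list approach: every other URL is redirected, and the
            // change-password page itself is exempt, so there is no redirect loop.
            response.sendRedirect(
                    response.encodeRedirectURL(request.getContextPath() + CHANGE_PAGE));
            return;
        }
        chain.doFilter(req, res);
    }
}
```

The realm resolves roles when the user authenticates, so the change-password handler should invalidate the session after a successful change; the next login then yields a Principal without the "expiredPassword" role.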