I am using 0.8.2 and I am encountering two (somewhat common) requirements.
- updating failed logon attempts for a User
- change password step during the logon process
The first requirement.. of updating the user's failed logon attempts is working.. I simply tied into the AuthenticationFailureEvents that are published (i.e. ApplicationListener).. so that is fine.
The 2nd requirement, I want to force a user to change their password (i.e. if it expires... or if they are a new user)
Right now, I have a User table and a "change password" indicator... so I mapped that boolean to the "credentials expired" attribute on the UserDetails.
This will then throw a CredentialsExpiredException and I can map that exception in the processing filter to a specific page... however, I am wondering how other people have approached this requirement?
Right now, it goes to a change password page.. however it's not integrated with the j_security_check acegi logon... which I want.
Basically, I want to force a user to change their password... when they logon... ideally this would be an integrated process..
i.e. a logon with change password
Has anyone else implemented something similar?