forcing user to change his password after first login

[jandrla]

Code, I didn't have time for doing it better, for now it works, any suggestion or comment is more than appreciated.

Code:

public class UserChangePasswordCheckFilter implements Filter  {
	protected final Log logger = LogFactory.getLog(getClass()); 
	
	public void destroy() {
	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
                /* Should redirect occur or it shouldn't. */
		boolean redirect = false;
		
		//logger.info("UserChangePasswordCheckFilter says Hi!");
		
		if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("Can only process HttpServletRequest");
        }

        if (!(response instanceof HttpServletResponse)) {
            throw new ServletException("Can only process HttpServletResponse");
        }
       
        
        Authentication authentication = SecurityContextHolder
		.getContext().getAuthentication();
        
        /* Korisnik class implements UserDetails. */
        if( authentication.getPrincipal() instanceof Korisnik) {
        	Korisnik korisnik = (Korisnik) authentication.getPrincipal();
        
        	if(!korisnik.isLoggedBefore()) 
        		redirect = true;
        } 
        
/* PromenaLozinke.htm is handled by SimpleFormController, after submiting of
    form don't want to redirect. */    
      if(((HttpServletRequest)request).getServletPath().startsWith("/PromenaLozinke.htm")) 
        	redirect = false;
        
        /* If redirect is true redirect user to page for changing password,
            if it's not just doFilter. */        
       	if(redirect)
       	{
       		logger.info("Spremam se za redirekciju!");
       		ServletContext context = ((HttpServletRequest)request).getSession().getServletContext();
    		RequestDispatcher rd = context.getRequestDispatcher("/PromenaLozinke.htm");
    		if(rd != null) {
    			logger.info("ok!");
    			rd.forward(request, response);
    		}
       	}
       	else
       		chain.doFilter(request, response);
	}

	public void init(FilterConfig config) throws ServletException {
	}
}

I added this filter to the end of acegi filter chain in app context.

Regards.

[karldmoore]

Thanks for posting that, it was interesting to see how you'd implemented it!