Mar 19th, 2007, 06:17 PM
Authenticate use and check for password change
Hello, on more tim here is a question on what is the best way to achieve what I would like to do.
When our users are created they are attributed with a temporary password, so after the first login we need them to change their password.
To achieve that I wanted to use the isCredentialsNonExpired() method on the UserDetails object to return false for the user first login.
So that is to say that in case of a CredentialsExpiredException the user is redirected to a change password form (until now nothing special).
The problem I am facing is that when a CredentialsExpiredException is thrown it seems (if my understanding is good) that the user is considered as not authenticated, so I cannot retrieve my user info from the SecurityContextHolder to be able to update the password and set him as authenticated.
I have check all the messages in the forum but I did not find what would be the best way to achieve that.
May you help me?
One more question, was the messages.properties file already translated in French? If not I can do it and make it available, just let me know.
Thanks a lot.
Mar 20th, 2007, 07:05 AM
Take a look to all messages I've post ..
The default behaviour of Authenticator is to throw an exception if account is expired .. so the only way is to extend it and write your own Authenticator.
Then, override the createUserDetails( .. ) and thanks to your UserManager populate roles ..
Yes, I know, it is a little bit hard to understand ..
Mar 20th, 2007, 07:47 AM
As the previous post suggested I would search on the forum. There have been several solutions to this problem. As for the french translation you might want to have a look at JIRA. You could raise an issue and attach the translation for inclusion.
Mar 20th, 2007, 07:48 AM