Forcing user to change expired password in spring security

Question

I am building spring mvc and spring security based web based application.

I have implemented Reset Password functionality.System Administrator will reset password of

Answer 1

Quite late answer and I don't know if you're using Spring 2 or 3. But in Spring 3 you can do it this way.

Include the following in your Spring security context:

    
        
            /change_password_page
        
    
    

Of course you can map other specific authentication exceptions to other pages.

If you're using the form-login element, then you have to specify the authentication-failure-handler-ref attribute (and remove authentication-failure-url if used)

And final step is to create the change password page.

Keep in mind that the user is not authenticated when redirected to the change password page.