Reputation: 2053
Custom authorization depending on user property
In my application, after the user has been logged for the first time, he has to change his default password. For this process I have a changepassword.xhtml page where he can change the password. I would like to restrict the access to another page and redirect him to changepassword.xhtml until he has changed his default password. The user class has a firstTime property where I have register if this is the first time he is logged or not.
Can I manage this in my config class?
Upvotes: 1
Views: 51
Answers (1)
Reputation: 69
I think that you have to add the USER_NEED_CHANGE_PASSWORD_ROLE role to the user and give him access only to the password change page. Also need to be stored in the base of the flag of the password change and to implement authentication-success-handler-ref = "my_handler".
When the user has successfully held the first authorization, check the status of this flag. If the flag requires a password change then redirect to the password change page. After changing the password redirect him to the login page.
Upvotes: 2
Related Questions
- Spring security Role based HTTP request Authorization
- Conditional Spring Security
- How to implement specific authorization by user level in spring boot?
- Spring Security Conditional Basic Auth
- Spring Security + restrict user based on username
- Handling complex authorization in spring security
- Allowing access for specific users in Spring Security
- Custom authorization in Spring MVC
- Spring Security Custom User Authorization Tables
- Criteria based authorization check with spring security?