Databases
StackOverflow2013
Postsdbo
POForcing user to change expired password in spring security
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POForcing user to change expired password in spring security
    primarykey
    data
    text
    <p>I am building spring mvc and spring security based web based application.</p> <p>I have implemented Reset Password functionality.System Administrator will reset password of any user .Random generated password will be emailed to user and same will be updated in database.</p> <p>Now I want whenever user login with random generated password, i want to force user to change its password.</p> <p>Please have a look to my <strong>user</strong> TABLE.</p> <p>userid bigint(20)<br> username varchar(20)<br> password varchar(65)<br> email varchar(50)<br> firstname varchar(20)<br> lastname varchar(20)<br> groupname varchar(50)<br> enabled tinyint(1)<br> credentialsNonExpired tinyint(1) </p> <p><strong>MY Authentication Provider</strong> </p> <pre><code> &lt;!-- Configuring Authentication Provider to make use of spring security provided Jdbc user management service --&gt; &lt;authentication-provider user-service-ref="jdbcUserService"&gt; &lt;!-- Configuring SHA-1 Password Encoding scheme to secure user credential --&gt; &lt;password-encoder ref="sha1PasswordEncoder" /&gt; &lt;/authentication-provider&gt; &lt;/authentication-manager&gt; </code></pre> <p>I have used <strong>JDBCUserDetailsService</strong> extending <strong>JDBCDaoImpl</strong> as <strong>jdbcUserService</strong>.</p> <p>I want to set <strong>credentialNonExpired</strong> to false column of my user table when I am resetting password.</p> <p>I am able to do that.</p> <p>But when i login, spring security <strong>JDBCuserdetailsservice loadUserbyUsername</strong> getting only username,password,enabled columns and rest of all fields set to true.</p> <pre><code>protected List&lt;UserDetails&gt; loadUsersByUsername(String username) { return getJdbcTemplate().query(usersByUsernameQuery, new String[] {username}, new RowMapper&lt;UserDetails&gt;() { public UserDetails mapRow(ResultSet rs, int rowNum) throws SQLException { String username = rs.getString(1); String password = rs.getString(2); boolean enabled = rs.getBoolean(3); return new User(username, password, enabled, true, true, true, AuthorityUtils.NO_AUTHORITIES); } }); } </code></pre> <p>But I want actual <strong>credentialNonExpired</strong> field which is set by reset password, so that spring security will throw CREDENTIALEXPIREDEXCEPTION.</p> <p>I am achieving that by loading above method, but is there any other way to redirect user to change password page when they login with expired password.</p> <p>Please tell me how can i do that ?</p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. This table or related slice is empty.
    1. USKetan
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POForcing user to change expired password in spring security
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POForcing user to change expired password in spring security
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POForcing user to change expired password in spring security
      1. This table or related slice is empty.
      1. VTUpMod
    1. This table or related slice is empty.
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload