JDBCRealm does not provide this sort of feature. You need to write one up yourself. I just written one for my webb app. Mine uses hibernate, but it’s not essential, as the steps are pretty generic.

1. First set a session attribute ‘checkExpired’ in your login.jsp (or whatever you called it).

<c:set var="checkExpired" value="true" scope="session" />

1. Then in your index.jsp add a bit of code to read the checkExpired and if it’s set to true – perform the dates check and set the value of checkExpired to false! Obtain the last date when the pass was changed (stored in the database) and compare it with the current date. If it’s say 90 days older (or more) redirect the user to change password jsp page.

2. My changepass.jsp includes a form where the user types in the new password. The action of the form is to call the servlet that handles passwords changing.

3. The pass changing servlet validates the password, writes it to the database and updates the last_pass_change field in the databasse to the current date. Finally, it redirects to index.jsp.

Now, this is not elegant at all (IMHO at least), but that’s the price you pay when using JDBCRealm for authentication. If you want to you can read around extending your server’s functionality or providing your own realm. However, this seems like a lot of work for something so trivial.

Good luck,

Damo