Home/ Questions/Q 946345
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T22:53:58+00:00

I’m using Spring Security for securing HTTP requests to a website. The primary usage

  • 0

I’m using Spring Security for securing HTTP requests to a website. The primary usage is for securing pages such that the user is redirected to the login page when trying to access those pages.

However, I have a further requirement. In my model, I can flag a user’s password as being temporary such that, when they successfully login, they should be automatically forced to change their password. Once the password is changed, they should then be forwarded on to the page they were originally trying to access.

Has anyone used Spring Security for this purpose? Do I need to create my own custom filter?

Thanks,

Andrew

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In Spring Security 3.0 you can implement a custom AuthenticationSuccessHandler.

    In this handler you can redirect a user with temporary password to the password change page instead of the originally requested page. After password is changed, you may redirect user to the originally requested page using SavedRequestAwareAuthenticationSuccessHandler, which is the default handler implementation.

    public class MyHandler implements AuthenticationSuccessHandler {
    private AuthenticationSuccessHandler target = new SavedRequestAwareAuthenticationSuccessHandler();

    public void onAuthenticationSuccess(HttpServletRequest request,
        HttpServletResponse response, Authentication auth) {
        if (hasTemporaryPassword(auth)) {
            response.sendRedirect("/changePassword");
        } else {
            target.onAuthenticationSuccess(request, response, auth);
        }
    }

    public void proceed(HttpServletRequest request, 
        HttpServletResponse response, Authentication auth) {
        target.onAuthenticationSuccess(request, response, auth);
    }
}

@Controller("/changePassword")
public class ChangePasswordController {

    @Autowired
    private MyHandler handler;

    @RequestMapping(method = POST)
    public void changePassword(HttpServletRequest request, 
        HttpServletResponse response,
        @RequestParam(name = "newPassword") String newPassword) {

        // handle password change
        ...

        // proceed to the secured page
        handler.proceed(request, response, auth);        
    }

    // form display method, etc
    ...
}
    • 0