enforce user to change his password before he can do anything

[houser <ma...@gmail.com>]

Hi all,
according to some conditions, the users must be enforced to change their
passwords after they login. I am using Struts 1.3, hibernate and Tomcat. The
scenario is as follows:

- when the password of the user is expired and he logs in, he is redirected
to the change password action and form. all the main menu links are disabled
(precisely, they redirected to the same change password action according to
a common flag in the session) except the log out button or the save button
of the change password form.
- So far everything is ok, the problem occurs when the user gives a direct
URL to a previously saved page in side the web-application.

can anyone tell me how can prevent the user from going anywhere in the
application if he did not change the password and save his changes?

Thanks for any help in advance
mohmans
-- 
View this message in context: http://www.nabble.com/enforce-user-to-change-his-password-before-he-can-do-anything-tp24071648p24071648.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org