Question about reauthenticate in Spring Security Core plugin

Steve Ronderos-2
I'm using spring-security-core and spring-security-ui plugins for an application I'm building.  I have a special requirement that users are approved before their account is activated.  To accomplish this I have set the user accounts that are created through the register controller to be disabled by default.

The issue that I'm having is that users are still automatically logged in once their registration is complete.  I've looked at the code and found that springSecurityService.reauthenticate() is called at the end of the action to log the user in.  That makes complete sense to me, but it seems like the user's account should be checked to verify that it is enabled and not expired before logging the user in.  I would expect that the intent of the reauthenticate is to do the login for the user.  If this is the case I'd expect disabled users to be punted out with an error message.

Extending the controller to have this behavior is trivial; I was wondering if this is something that should be considered as an improvement for the future.

Thanks,
Steve
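An added example of the check described above, not code from the Spring Security Core or UI plugins nor from either poster: a Grails service (hypothetical name ActivationAwareLoginService) that refuses to establish a session unless the account flags allow it, and only then makes the same springSecurityService.reauthenticate() call the register action makes. It assumes the plugin's standard generated User domain class with the boolean properties enabled, accountExpired, accountLocked and passwordExpired.

```groovy
// Added example (hypothetical service name); assumes the plugin's generated
// User domain class and the injected springSecurityService bean.
class ActivationAwareLoginService {

    def springSecurityService

    /**
     * Logs the user in and returns null when the account is active.
     * Otherwise returns the reason the login was refused and leaves the
     * session unauthenticated, so a disabled (unapproved) account never
     * gets a session just because registration completed.
     */
    String loginIfActive(User user) {
        String reason = inactiveReason(user)
        if (reason) {
            // Worth logging: an attempt to use an account before approval.
            log.info "Refusing post-registration login for ${user.username}: ${reason}"
            return reason
        }
        // Same call the UI plugin's register action makes, now guarded.
        springSecurityService.reauthenticate(user.username)
        return null
    }

    /** Mirrors the status checks Spring Security applies at normal login. */
    static String inactiveReason(User user) {
        if (!user.enabled)        return 'account is awaiting approval'
        if (user.accountExpired)  return 'account has expired'
        if (user.accountLocked)   return 'account is locked'
        if (user.passwordExpired) return 'password has expired'
        return null
    }
}

// Usage in the application's register action, replacing the unconditional
// reauthenticate() call (activationAwareLoginService injected by name):
//
//     String reason = activationAwareLoginService.loginIfActive(user)
//     if (reason) {
//         flash.message = "Registration complete, but you cannot be signed in yet: ${reason}."
//         redirect action: 'index'
//         return
//     }
```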
Re: Question about reauthenticate in Spring Security Core plugin

burtbeckwith
The workflows in the UI plugin are really just there to get you started - feel free to customize as described in the docs.

Burt