Custom Login handler

Joshua Brodie josbrodie at
Sun Sep 4 07:54:03 BST 2011

Thank you everyone for the great feedback.

The requirements have changed - always to be expected :)

The sequence of events required are:

1) User authenticates at IdP
2) If username/password correct, check business rule, based on the
student's records (three potential workflows):

   A) User must read and agree to University fee change etc.; when
agreed, forward to SP

   B) Deny access (extreme case where user's have not paid; for legal
reasons a page, with long legal text will appear)

   C) User is forwarded to SP (no intermediary screens)


i) Should I focus on cloning UsernamePasswordLoginServlet and adapting
it to my requirements?

ii) will this be with JAAS? i.e. authenticate person first, then
determine's the user's workflow, i.e. pass to staging page where they
must agree to new fee structure etc?

iii) will this be via a non-JAAS scenario where I clone
UsernamePasswordLoginServlet - and write a new servlet, with
middle-layer to process business rules

Thank you - your feedback help especially with many late nights and
the thinking is not as clear as it should be!

On 31 August 2011 22:58, Halm Reusser <halm.reusser at> wrote:
> On 31.08.11 08:24, Joshua Brodie wrote:
>> Can anyone point me to a custom login handler? A simple example will
>> be great; I have to validate userName, password and then present
>> cutomise messaging, before forwarding to SP.
> Joshua, you might want to rely upon the existing JAAS UsernamePassword
> LoginHandler and just extend it with your needed features (e.g., show
> custom message).
> -Halm
> --
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list