Hi,
I am working on the Active Directory and have configured LDAP on my publisher local instance, when i make a call to any_url/j_security_check with j_username and j_password (the user and their credentials are stored in AD) with valid credentials i get to sign in and do stuff. But i have a use case where i want the users not to interact with the system until they they verify themselves with the verification link which we generate at the time of their registration. Once they click on that registration link a property is set on the users profile which we use to check whether they can be allowed to use the system or not.
The problem is if i make a ajax call with appropriate creds, users can sign in and interact with system. Authentication in my case is ok but Authorization is not. I want to know what should be the best way to solve this problem.
Do i have to extend the Ldap login module? I think No, because it is doing what it is supposed to do. I want to fail authentication if they are not authorized to use the system. Any pointers will be of great help. I tried looking for LDAPLoginModule in depfinder and over net but could not find the jar for that.
