How to write a login page that handles expired passwords (ZOS/390/CICS)

I know that the j2ee spec doesn't allow for directly handing password expiry and change. See IBM redbook "WebSphere Application Server on z/OS and Security Integration" at page 57 where this is clearly stated.

Has anyone managed to create a login suite that uses extensions to detect expired passwords, and allows them to be changed on some other page? I've tried using the suite but this seems to fail CICS authorisation when invoked, possibly because the caller is as yet unauthenticated.

This is a java -> ibm cics question so please could you constrain answers and comments to this sphere rather than Spring etc?

java 1.8, cics 5.3, liberty v17 Its the enquiry mechanism and update mechanism that I need assistance with, I can handle the login suite, filters and servlets myself.


  • I suggest looking at the CICS API and mapping to JCICS classes. You could write COBOL (or PL/I, or Assembler) programs wrapped around those CICS APIs not exposed by the JCICS classes, then invoke with a channel or commarea.