[jboss-user] [Security & JAAS/JBoss] - Re: why it is possible to login with old password in JAAS(Da

j2ee_junkie do-not-reply at jboss.com
Thu Aug 3 08:14:36 EDT 2006


Baskar,

After a password is changed, the user must be logged out of application (i.e. JBossSX cache flush).  If your UI is web-based, this usually can occure by invalidating the web session.  Is this step happening?  You can verify what principals are in the cache via the jmx-console (mbean: jboss.security:service=JaasSecurityManager).

cgriffith

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3962807#3962807

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3962807



More information about the jboss-user mailing list