[jboss-user] [Security & JAAS/JBoss] - How to flush the old password
oldreaper
do-not-reply at jboss.com
Thu Aug 28 15:26:49 EDT 2008
I use DatabaseServerLoginModule for jboss authentication web application supported by MySQL. The function is working.
But there is a problem when a user changes password. The old password is cached and the new password will not work if I close the browser and login again. I try to delete the cookies, local internet data whatever, it won't work. If I restart Jboss server, the new password takes effect.
So, please let me know how can I change the behavior of security manager or loginmodule that they don't cache any password.
I also find this thread with similar issue, but unfortunately no answer
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=128691
The new password is supposed taking effect after the next login, but it actually does not. This is a serious negative behavior issue because it is quite normal that a user change his/her password. Many systems even force user to change password frequently.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173162#4173162
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4173162
More information about the jboss-user
mailing list