[jboss-user] [Security & JAAS/JBoss] - Re: Re-login a user programmatically after changing his pass

mohammadk do-not-reply at jboss.com
Mon May 26 11:43:09 EDT 2008


"piotr.koper" wrote : I think JBoss stores password in cache. Try to clear cache after changing password.
  | 
  | piotr.koper

Thanks for the response.
After reading different articles, web-logs and bug descriptions I learned Tomcat is the one that stores password in http session. To clear the stored password you can write a valve for tomcat to do so or if you are running on Jboss 4.2.2 simply use the new WebAuthentication class to re-authenticate the user with new password programmatically.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4153404#4153404

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4153404



More information about the jboss-user mailing list