I hope the TTL is >= session timeout otherwise we will face weird bugs.
More generally, I hope that the lifecycle of the cache entry corresponding
to a cached credentials can have the same lifecycle than the http session,
otherwise we will face situations where the credentials are not cached
anymore and the session is still alive and vice and versa, which will cause
unexpected bugs
On Tue, Nov 8, 2011 at 4:03 PM, Marko Strukelj <marko.strukelj(a)gmail.com>wrote:
Re: How to perform security cache evictioncreated by Anil
Saldhana<http://community.jboss.org/people/anil.saldhana>
in *AS7 Users* - View the full
discussion<http://community.jboss.org/message/635560#635560>
------------------------------
Each cache entry has a time to live. When that expires, it is evicted.
Overall the cache itself has a default timeout.
You only care about cache eviction in situations where in the web
application has logged the user out but he is not yet evicted in the
authenticaiton cache. It is a border condition where in the user password
has changed or you need to get newer roles for the user.
Reply to this message by going to
Community<http://community.jboss.org/message/635560#635560>
Start a new discussion in AS7 Users at
Community<http://community.jboss.org/choose-container%21input.jspa?con...
On Tue, Nov 8, 2011 at 2:41 PM, Boleslaw Dawidowicz <
boleslaw.dawidowicz(a)gmail.com> wrote:
> Asked him for suggestions.
>
> Bolek
>
> On Nov 7, 2011, at 6:26 PM, Marko Strukelj wrote:
>
> I'm looking into it. I found a service that does that - but it exists at
> MSC level, so it needs to be accessed via JBoss AS7 proprietary API.
>
>
http://community.jboss.org/thread/174545
>
> Bolek, you can prod Anil to comment on this post.
>
>
> On Mon, Nov 7, 2011 at 3:46 PM, Nicolas FILOTTO <
> nicolas.filotto(a)exoplatform.com> wrote:
>
>> About
https://issues.jboss.org/browse/EXOJCR-1619, to avoid any
>> misunderstanding, can you ask internally how we can flush cached
>> credentials (as described here
>>
http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html_single/i...)
>> on JBoss AS 7? Maybe it is not needed anymore? Or do you expect that I ask
>> the question in the forum of JBoss AS 7?
>>
>
>
>