]
John Schneider commented on JBMETA-392:
---------------------------------------
What is the status of this issue? Can the fix be merged in for the next releases of
Wildfly and EAP?
The flushOnSessionInvalidation attribute is missing in the jboss-web
schema and the parser
------------------------------------------------------------------------------------------
Key: JBMETA-392
URL:
https://issues.jboss.org/browse/JBMETA-392
Project: JBoss Metadata
Issue Type: Bug
Components: web
Reporter: Ivo Studensky
Assignee: Ivo Studensky
The class {{org.jboss.metadata.parser.jbossweb.JBossWebMetaDataParser}} doesn't
support reading {{"flushOnSessionInvalidation"}} attribute on
{{"security-domain"}} element. And also the schema files for {{jboss-web.xml}}
doesn't mention this attribute.
The class {{org.jboss.metadata.web.jboss.JBossWebMetaData}} contains the attribute
{{flushOnSessionInvalidation}}, which comes from old JBoss versions (3.2 and 4.0). [The
description|https://developer.jboss.org/wiki/CachingLoginCredentials] says:
??The jboss-web.xml security-domain element now supports a flushOnSessionInvalidation
boolean attribute that when true, will flush the security-domain JAAS authentication cache
for the associated user principal.??
This attribute is also supported in WildFly integration with Undertow ([look at
source|https://github.com/wildfly/wildfly/blob/10.0.0.CR3/undertow/src/ma...]),
but the code is never reached as the flushOnSessionInvalidation attribute value stays
always *false*.