]
Dimitris Andreadis updated JBAS-1802:
-------------------------------------
Fix Version/s: JBossAS-4.2.1.CR1
(was: JBossAS-4.2.0.CR1)
Need a way to support refreshing security roles within a session
----------------------------------------------------------------
Key: JBAS-1802
URL:
http://jira.jboss.com/jira/browse/JBAS-1802
Project: JBoss Application Server
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-4.0.1 Final
Reporter: Rick Wong
Assigned To: Anil Saldhana
Fix For: JBossAS-4.2.1.CR1
Attachments: JBossGenericPrincipal.java, OccSecurityMgrRealm.java
Currently, JBoss SX creates an instance of JBossGenericPrincipal with a fixed list of
security roles obtained from JAAS LoginModule. This special principal is cached into
Tomcat, and unchanged during the course of a user session. There is no trivial way to
refresh security roles within a session.
I have this need because my application has an administration interface that grants
permissions to various web application. I need to have user permission changes to be
reflected immediately without having current sessions to log out and then log back in to
take effect.
Unfortuately, due to the product requirement, I have to recompile JBoss and modify
JBossGenericPrincipal to make it a public class. I hope to get rid of this custom change,
and adopt a supported method from JBoss in the future releases.
Please refer to forum topic
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=63676
Thanks a lot!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: