[jboss-user] [Security & JAAS/JBoss] - how jboss container should behave

Tuesday, 15 January 2008

The jboss customized login module implemented:

here is the issues:

1. user login to access the application properly;
2. user simply exited the browser;
3. use relogin to the app , the login module bypassed because of the user credential
caching.

to solve the problems:

1. either set the defaulttimeout = 0 or
2 put the following code to the app:

try{
                        ObjectName jaasMgr = new
ObjectName("jboss.security:service=JaasSecurityManager");
                        Object[] params = {domain};
                        String[] signature = {"java.lang.String"};
                        MBeanServer server = (MBeanServer)
MBeanServerFactory.findMBeanServer(null).get(0);
                        server.invoke(jaasMgr, "flushAuthenticationCache",
params, signature);
                        }catch(Exception ee) {}

questions:

1. should the container called the logout() implicitly when user exit the browser?

2.if the answer is no for question 1, what is the right way to flush the user credentials?
set the defaulttimeout = 0 or use the above code?

3. what is the difference between set the defaulttimeout = 0 and the code above to
explicitly flush the user credentials?

thanks for your help

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4120191#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - how jboss container should behave