[jboss-user] [Security & JAAS/JBoss] - Too optimistic credential caching in JBoss 3.2.7?

Tuesday, 26 September 2006

We're using JBoss 3.2.7 for our enterprise app, and notice the following behaviour. 

When a user logs in whose credentials are not yet cached, the server login module is
called nicely to obtain those credentials. 
However, after the user closes our client app -and implicitly logs out-, and logs in
again, the credentials are retrieved from the cache. All nice and well, but we observed
this exact same behaviour after the application has been fully redeployed, which, IMO, is
not desired behaviour, as JBoss should never assume the credentials are still valid after
a redeploy.

What I would like to know is whether this behaviour is known, or already fixed in newer
versions of JBoss, or how to fix/avoid such behaviour (yes, I'm aware that you can
disable credential caching, but that is more of a hack than a fix).

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974183#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - Too optimistic credential caching in JBoss 3.2.7?