[jboss-dev-forums] [Design of Security on JBoss] - Re: Security Cache Flush on Http Session Expiration
anil.saldhana@jboss.com
do-not-reply at jboss.com
Wed Nov 19 10:24:50 EST 2008
Two things:
1) When your user logs out, call session.invalidate() and
2)
| <security-domain flushOnSessionInvalidation="true">
|
in the jboss-web.xml
That should take care of things. Internally a JAAS logout() is called which should call the logout of your custom LM.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190534#4190534
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4190534
More information about the jboss-dev-forums
mailing list