[jboss-dev-forums] [Design of Security on JBoss] - Re: Security Cache Flush on Http Session Expiration

[clevelam]

I did do a google.   That is how I found this forum.  I'm new to jboss forums and did not know this was restricted.  If you can point me to a specific google query string that will give me details on how this all works please provide.

I responded to this specific forum because it suggested enabling the PrincipalSessionAttributeFilter servlet filter.  when this filter is enabled (jboss 4.2.3) you are no longer directed to the resource you request.  
Tell me if I am wrong, but I couldnt understand why that servlet filter doesnt call chain.doFilter(request, response) to go to the next filter or resource.???  I believe the lack of the call is preventing me from viewing my resource.

Additionally, after many queries on google.   I could not find anything that directly states that flushing the cache actually calles a JAAS timeout.  In my case I actually have the cache turned off.  Reason being... when it was turned on and the user tried to do a second login ... without first logging out The cache credentials would automatically approve the login without    executing the database commands I have in the login module.

Again, if you can point me to the appropriate forum to continue getting help on this matter.  Or a single sight that explains logout on session expiration, that would be more than helpful.

Thanks again and sorry for the confusion.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190546#4190546

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4190546