[jboss-jira] [JBoss JIRA] Created: (JBAS-7923) Authentication caches wrong credential settings

[ali aslan (JIRA)]

Authentication caches wrong credential settings
-----------------------------------------------

                 Key: JBAS-7923
                 URL: https://jira.jboss.org/jira/browse/JBAS-7923
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Security
    Affects Versions: JBossAS-5.1.0.GA
         Environment: Windows Vista, jdk1.5.0_18, MySQL Server 5.0
            Reporter: ali aslan
            Assignee: Anil Saldhana


My Problem is that I can login/logout with different users as long as I do not enter a wrong password for a user.

If this happens it is not possible to authenticate any other user. Authentication always fails.

If I delete the browser cookies I can authenticate the user again.

The JAAS configuration in jboss-service.xml 

   <!-- JAAS security manager and realm mapping -->
   <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
      name="jboss.security:service=JaasSecurityManager">
      <attribute name="ServerMode">true</attribute>
      <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
      <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
       <attribute name="DefaultCacheTimeout">0</attribute>
      <attribute name="DefaultCacheResolution">0</attribute>

      <attribute name="DeepCopySubjectMode">false</attribute>
   </mbean>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira