[jboss-jira] [JBoss JIRA] Created: (JBAS-7730) WebAuthentication - unable to remove Principal from Cache

Maarten van Leunen (JIRA) jira-events at lists.jboss.org
Fri Feb 12 06:37:10 EST 2010


WebAuthentication - unable to remove Principal from Cache
---------------------------------------------------------

                 Key: JBAS-7730
                 URL: https://jira.jboss.org/jira/browse/JBAS-7730
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Web Services
    Affects Versions: JBossAS-4.2.3.GA
         Environment: Windows XP, Java 6.0.17, MSSQL db
            Reporter: Maarten van Leunen
            Assignee: Alessio Soldano
            Priority: Minor


http://community.jboss.org/wiki/CachingLoginCredentials

I've tried basically all of the above to make sure that a Principal that is logged in and wishes to delete his account is properly logged out so that his Principal is no longer cached by the JaasSecurityManagerService.

We've already had all of the below:
- new WebAuthentication().logout()
- HttpSession.invalidate() 
- add flushOnSessionInvalidation="true" to jboss-web.xml

Tried adding code for Programmatic Flushing via JMX, but it did not have any effect.

Disabling Caching
- this worked, but was unacceptable, seeing as the number of attempts to authorize using the database increased dramatically.

- currently we have a DefaultCacheTimeout set to 9600 seconds, and after that time, the account is indeed removed from the Cache and the database is once more contacted to retrieve the Principal


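For reference, the programmatic flush the report mentions is an invocation of the `flushAuthenticationCache` operation on the `jboss.security:service=JaasSecurityManager` MBean, done before the session is invalidated. The code below is an added example, not the reporter's code and not taken from the JBoss sources; the class name `CredentialCacheFlusher`, its method names and the `my-domain` security domain are assumptions, and it makes no claim about the cause of the behaviour reported in JBAS-7730.

```java
import java.security.Principal;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.jboss.security.SimplePrincipal;

/** Hypothetical helper: evict one user's cached credentials, then end the session. */
public final class CredentialCacheFlusher {

    // Assumption: placeholder for the application's security domain name,
    // written without the "java:/jaas/" prefix. Replace with your own.
    private static final String SECURITY_DOMAIN = "my-domain";

    private static final String JAAS_MANAGER =
            "jboss.security:service=JaasSecurityManager";

    private CredentialCacheFlusher() {}

    /** Call from the account-deletion or logout handler. */
    public static void flushAndLogout(HttpServletRequest request) throws Exception {
        // Read the caller's name first: it is not available once the session is gone.
        Principal caller = request.getUserPrincipal();
        if (caller != null) {
            flush(caller.getName());
        }
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    /** Removes only this user's entry from the security domain's authentication cache. */
    static void flush(String username) throws Exception {
        // Assumption: the code runs inside the server, so the first registered
        // MBeanServer is the one hosting the JBoss security services.
        MBeanServer server =
                (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
        ObjectName jaasMgr = new ObjectName(JAAS_MANAGER);
        Object[] params = { SECURITY_DOMAIN, new SimplePrincipal(username) };
        String[] signature = { String.class.getName(), Principal.class.getName() };
        server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
    }
}
```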