[jboss-user] [Security & JAAS/JBoss] - Re: session timeout does not invalidate the SSO

bstansberry@jboss.com do-not-reply at jboss.com
Tue Aug 22 18:49:11 EDT 2006


The SingleSignOn valve doesn't have any simple hooks for tracking this.  There may be a couple of hackish ways to get what you want:

1) Subclass SingleSignOn and override register() and deregister() to add the notifications you want (haven't looked closely; there may be other methods you need to monitor as well.)

2) Use ClusteredSingleSignOn, get hold of the JBoss Cache instance it's using, implement TreeCacheListener and monitor the SSO portion of the cache for node additions and removals. (Yuck)

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966824#3966824

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3966824



More information about the jboss-user mailing list