[jboss-user] [Security & JAAS/JBoss] - Re: Credential caching question
jaikiran
do-not-reply at jboss.com
Fri Jul 14 11:48:06 EDT 2006
anonymous wrote : I want to let the user know that they have authenticated but failed authorization and to trying logging in with another username and password that has authorization
On detecting a authorization failure, why dont you invalidate the session, so that user credentials are discarded:
http://java.sun.com/j2ee/sdk_1.2.1/techdocs/api/javax/servlet/http/HttpSession.html#invalidate()
However, i am not sure whether this is the right approach to follow. There might even be better approaches.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958122#3958122
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3958122
More information about the jboss-user
mailing list