[jboss-user] [Security & JAAS/JBoss] - Re: Credential caching question

jaikiran do-not-reply at jboss.com
Fri Jul 14 11:48:06 EDT 2006

anonymous wrote : I want to let the user know that they have authenticated but failed authorization and to trying logging in with another username and password that has authorization

On detecting a authorization failure, why dont you invalidate the session, so that user credentials are discarded:


However, i am not sure whether this is the right approach to follow. There might even be better approaches.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958122#3958122

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3958122

More information about the jboss-user mailing list