[jboss-user] [Security & JAAS/JBoss] - Too optimistic credential caching in JBoss 3.2.7?

JaWi do-not-reply at jboss.com
Tue Sep 26 08:01:24 EDT 2006

We're using JBoss 3.2.7 for our enterprise app, and notice the following behaviour. 

When a user logs in whose credentials are not yet cached, the server login module is called nicely to obtain those credentials. 
However, after the user closes our client app (and implicitly logs out) and logs in again, the credentials are retrieved from the cache. All nice and well, but we observed this exact same behaviour after the application has been fully redeployed, which, IMO, is not desired behaviour, as JBoss should never assume the credentials are still valid after a redeploy.

What I would like to know is whether this behaviour is known, or already fixed in newer versions of JBoss, or how to fix/avoid such behaviour (yes, I'm aware that you can disable credential caching, but that is more of a hack than a fix).

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974183#3974183
