[jboss-user] [Security & JAAS/JBoss] - Re: Help ... flushAuthenticationCache don't work
kristof.devos
do-not-reply at jboss.com
Thu Mar 1 06:05:04 EST 2007
THX for the reply
The problem is more complex, we do a password change and want the current session to use the new password for any EJB access call
--> nipunbatra
indeed this is a solution but we want to avoid an authorization call (remote in our case) for each EJB access, that's why we enable the caching
--> ecoray
We do this flush but the problem is when the flush is done and you do a logout the EJB destroy methods are called and because the cache is flushed the applic wants to reauthenticate for EJB access but he uses the password before the change and causes several attempts to login with the user which causes the user to block (if you login 3 times with different password our login module blocks the user)
I tried the SecurityAssociaton.setCredential but at next login the old password is still ini the securityassociation object, so it seems more than one securityassociation object is stored in the cache
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024175#4024175
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4024175
More information about the jboss-user
mailing list