[jboss-user] [Security & JAAS/JBoss] - AbstractServerLogin module.logout and cached principals

maggu do-not-reply at jboss.com
Mon Aug 18 09:55:22 EDT 2008


Hi all,
I am implementing a very simple web application and adding a custom class extending from the DatabaseLoginModule. All it does is extend initialize() by adding a few more variables, and extend login() by adding some checking logic before and after a call to super.login(). So, I have not modified login() in any other way.

One thing I am doing is:
1) I log in with proper credentials (e.g. john/1234), and the credentials get stored in the cache.
2) I log in without the proper password (e.g. john/qqqqqq), and the login method throws a FailedLoginException.
3) During this failed login exception, I am trying to remove the previously authenticated entry from the cache. I was calling AbstractServerLogin's logout() method, thinking this should do the trick, but I realize that the principals Set the method looks up is different (?) from the one used in the commit method.

How, then, can I get back to the cached principal and remove it from the cache?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171050#4171050