[jboss-user] [Security & JAAS/JBoss] - How to flush the old password

oldreaper do-not-reply at jboss.com
Thu Aug 28 15:26:49 EDT 2008

I use DatabaseServerLoginModule for jboss authentication web application supported by MySQL. The function is working. 

But there is a problem when a user changes password. The old password is cached and the new password will not work if I close the browser and login again. I try to delete the cookies, local internet data whatever, it won't work. If I restart Jboss server, the new password takes effect.

So, please let me know how can I change the behavior of security manager or loginmodule that they don't cache any password.

I also find this thread with similar issue, but unfortunately no answer

The new password is supposed taking effect after the next login, but it actually does not. This is a serious negative behavior issue because it is quite normal that a user change his/her password. Many systems even force user to change password frequently.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173162#4173162

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4173162

More information about the jboss-user mailing list