[jboss-user] [Security & JAAS/JBoss] - Re: How to flush the old password
do-not-reply at jboss.com
Fri Aug 29 07:36:25 EDT 2008
Although this is a solution, but caching private credentials seems not appropriate. The JAAS specification does not enforce not caching private credentials, but it argues that it is better to clean the private credentials. So, the developer should have a chance to specify such a behavior when the application is configured, but not programmaticly.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173302#4173302
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4173302
More information about the jboss-user