[jboss-user] [Security & JAAS/JBoss] - how jboss container should behave
jdsignature
do-not-reply at jboss.com
Tue Jan 15 13:24:11 EST 2008
The jboss customized login module implemented:
here is the issues:
1. user login to access the application properly;
2. user simply exited the browser;
3. use relogin to the app , the login module bypassed because of the user credential caching.
to solve the problems:
1. either set the defaulttimeout = 0 or
2 put the following code to the app:
try{
ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
Object[] params = {domain};
String[] signature = {"java.lang.String"};
MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
}catch(Exception ee) {}
questions:
1. should the container called the logout() implicitly when user exit the browser?
2.if the answer is no for question 1, what is the right way to flush the user credentials? set the defaulttimeout = 0 or use the above code?
3. what is the difference between set the defaulttimeout = 0 and the code above to explicitly flush the user credentials?
thanks for your help
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4120191#4120191
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4120191
More information about the jboss-user
mailing list