[jboss-user] [Security & JAAS/JBoss] - how jboss container should behave

jdsignature do-not-reply at jboss.com
Tue Jan 15 13:24:11 EST 2008


A customized JBoss login module is implemented.

Here are the issues:

1. The user logs in and accesses the application properly;
2. The user simply exits the browser;
3. The user logs in to the app again, and the login module is bypassed because of the user credential caching.

To solve the problem:

1. either set the defaulttimeout = 0, or
2. put the following code in the app:

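    import javax.management.MBeanServer;
    import javax.management.MBeanServerFactory;
    import javax.management.ObjectName;

    try {
        ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
        // 'domain' is the name of the security domain whose cache is flushed
        Object[] params = {domain};
        String[] signature = {"java.lang.String"};
        MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
        server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
    } catch (Exception ee) {
        // a failed flush leaves the cached credentials in place, so report it
        ee.printStackTrace();
    }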


Questions:

1. Should the container call logout() implicitly when the user exits the browser?

2. If the answer to question 1 is no, what is the right way to flush the user credentials: set the defaulttimeout = 0 or use the above code?

3. What is the difference between setting the defaulttimeout = 0 and using the code above to explicitly flush the user credentials?


Thanks for your help.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4120191#4120191
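
Added example, not part of the original post: a session listener that evicts only the departing user's entry from the JAAS authentication cache when the HTTP session is invalidated or times out, instead of flushing the whole domain. The domain name "my-app-domain", the session attribute "authUser" and the class name are assumptions, as is the availability of the two-argument flushAuthenticationCache(String, Principal) operation on the same MBean.

```java
import java.security.Principal;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.jboss.security.SimplePrincipal;

/** Added example: evicts one user's cached credentials when the HTTP session ends. */
public class AuthCacheFlushListener implements HttpSessionListener {
    // Assumptions: placeholder security domain name, and a session attribute
    // holding the user name that the application sets after a successful login.
    static final String DOMAIN = "my-app-domain";
    static final String USER_ATTR = "authUser";

    public void sessionCreated(HttpSessionEvent e) { }

    // Runs on an explicit invalidate() (logout) and on session timeout, which is
    // the only server-side signal left when the user just closes the browser.
    public void sessionDestroyed(HttpSessionEvent e) {
        Object name = e.getSession().getAttribute(USER_ATTR);
        if (name == null) {
            return; // session was never authenticated, nothing is cached for it
        }
        try {
            flushUser(DOMAIN, new SimplePrincipal(name.toString()));
        } catch (Exception ex) {
            // A failed flush means the cached login stays usable: log it, do not hide it.
            e.getSession().getServletContext().log("auth cache flush failed for " + name, ex);
        }
    }

    // Same MBean call as in the post, narrowed to a single principal.
    static void flushUser(String domain, Principal user) throws Exception {
        ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
        Object[] params = {domain, user};
        String[] signature = {"java.lang.String", Principal.class.getName()};
        MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
        server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
    }
}
```

The listener takes effect once it is declared in a <listener> element in the application's web.xml.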
