[jboss-user] [Security & JAAS/JBoss] - Re: Re-login a user programmatically after changing his pass
do-not-reply at jboss.com
Mon May 26 11:43:09 EDT 2008
"piotr.koper" wrote : I think JBoss stores password in cache. Try to clear cache after changing password.
Thanks for the response.
After reading different articles, web-logs and bug descriptions I learned Tomcat is the one that stores password in http session. To clear the stored password you can write a valve for tomcat to do so or if you are running on Jboss 4.2.2 simply use the new WebAuthentication class to re-authenticate the user with new password programmatically.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4153404#4153404
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4153404
More information about the jboss-user