[jboss-user] [Security & JAAS/JBoss] - Prevent Multiple Authentication Sessions for a Single Accoun
clevelam
do-not-reply at jboss.com
Mon Nov 17 20:34:59 EST 2008
Hi,
I'm trying to determine the best way to prevent multiple authenticated sessions for a single account. I'm using JBOSS's WebAuthentication class to do programmatic authentication, as well as having a custom login module on the other end. The login module verifies credentials and sets an in-use flag in a database.
When attempting to log in a second time, I noticed that JBOSS cached the security credentials and was not performing a full login in order to check the database status.
I then figured out how to disable credential caching in JBOSS.
When I tried to do a second login on the next occurrence, I noticed that jboss actually calls logout before logging in. So the in-use flag is reset to not in use and a second user is able to log in.
Any help with this situation would be appreciated. I would like a situation where if a user tries to log in from another computer he is told that the account is in use.
Additionally (and I'm still trying to verify this requirement): if a user opens a second browser, I want him to get a message saying in use. If the browser closes altogether and opens up again, I want to let him back in.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4189955#4189955