The jboss customized login module implemented:
here is the issues:
1. user login to access the application properly;
2. user simply exited the browser;
3. use relogin to the app , the login module bypassed because of the user
credential caching.
to solve the problems:
1. either set the defaulttimeout = 0 or
2 put the following code to the app:
try{
ObjectName jaasMgr = new
ObjectName("jboss.security:service=JaasSecurityManager");
Object[] params = {domain};
String[] signature = {"java.lang.String"};
MBeanServer server = (MBeanServer)
MBeanServerFactory.findMBeanServer(null).get(0);
server.invoke(jaasMgr, "flushAuthenticationCache",
params, signature);
}catch(Exception ee) {}
questions:
1. should the container called the logout() implicitly when user exit the
browser?
2.if the answer is no for question 1, what is the right way to flush the user
credentials? set the defaulttimeout = 0 or use the above code?
3. what is the difference between set the defaulttimeout = 0 and the code above
to explicitly flush the user credentials?
thanks for your help
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4120191#4120191
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4120191
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
