Hi, I faced the problem trying to change membership of currently logged in user.
I have a page Page_A, which has access limited only for users in role Role_A, and a User_A, which is not in this role. Then I perform following steps: 1. I login as User_A. I don't see Page_A in navigation area, where CatalogPortlet is displayed, and this is OK. 2. Then I add User_A to the Role_A (this is done from another browser instance where I'm logged in as admin). 3. As a User_A I hit "Refresh" in a browser, and I still do not see Page_A in navigation area, which seems to be wrong. 4. Attempt to access Page_A directly by constructing URL gives me the 403 error, which means that problem is not only in CatalogPortlet caching user's privileges. 5. I'm logging of the User_A and logging in again as User_A. I can see the Page_A - this is OK 6. I remove user from ROLE_A - and i still have access to PAGE_A, till the next logoff/login. So, my guess is that user's privileges/membership information is cached until next user's login. I use out-of-the-box JBoss Portal 2.6.2 (using default Hibernate implementation of User/Role/Membership modules). I've seen the issue http://jira.jboss.com/jira/browse/JBPORTAL-1708 - "Identity APIs should invalidate cache on update/change of role membership", and tried proposed workaround, turning both query caching and second level cache, but had no luck. Have I missed something? Is this a bug, or expected behavior? If this is expected behavior, is there a way to get rid of such caching? It really stops me from implementing flexible access control with assigning different roles to user on-the-fly programatically. Thanks in advance. -- Alexander Syedin View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4101640#4101640 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4101640 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
