Hi.
I configured JBoss (in auth.conf) to use the class
org.jboss.security.auth.spi.DatabaseServerLoginModule for user authentication and
role mapping. When an user logs in, I can trace that his roles are loaded from the
database (method: getRoleSets()).
During runtime, I made a test:
While the user was logged in, I removed all of its role associations from the
database. However, the user could still call every EJB method, because
"getRoleSets()" was never executed again for this user.
Is there a possibility to invalidate the "User -> Role" cache in JBoss and to force a
reload of the role mapping?
Martin
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
