You can control this by installing your own authentication cache. By default
a timed
cache is used, but there aren't any methods exposed to flush this cache.
I'll add this.
----- Original Message -----
From: "Martin Renner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 07, 2001 3:16 AM
Subject: [JBoss-user] EJB security
> Hi.
>
> I configured JBoss (in auth.conf) to use the class
> org.jboss.security.auth.spi.DatabaseServerLoginModule for user
authentication and
> role mapping. When an user logs in, I can trace that his roles are loaded
from the
> database (method: getRoleSets()).
>
> During runtime, I made a test:
>
> While the user was logged in, I removed all of its role associations from
the
> database. However, the user could still call every EJB method, because
> "getRoleSets()" was never executed again for this user.
>
> Is there a possibility to invalidate the "User -> Role" cache in JBoss and
to force a
> reload of the role mapping?
>
>
> Martin
>
>
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
