You cannot disable it but you can
lowering it into 1 second. By using
the following config in jboss.jcml.
For me this is good enough I hope it is
good enough for you :)
<mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
name="Security:name=JaasSecurityManager">
<attribute
name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
<attribute
name="LoginConfig">Security:name=DefaultLoginConfig</attribute>
<attribute name="DefaultCacheTimeout">1</attribute>
<attribute name="DefaultCacheResolution">1</attribute>
</mbean>
Luttrell, Peter wrote:
> both levels. since the JaasSecurityManager is used for authentication
> and authorization for both.
>
> i wrote my own LoginModule that verifies name, password and also an
> account lock (specific to my app) in order to authorize the user. So the
> following scenario doesn't work:
> 1) user logs in successfully (accountLock==false)
> 2) an administrator locks the account
> 3) the same user attempts to login (accountLock==true) and succeeds.
> now if my LoginModule were called it would accurately reject the
> request, but my login module is not called. There appears to be because
> a cache that is caching positive logins based on only the username and
> password, hence eliminating the accountLock check that I have.
>
> thus i assume that to fix my problem i need to disable the
> authentication cache.
>
> .peter
>
> -----Original Message-----
> *From:* Dmitri Colebatch [mailto:[EMAIL PROTECTED]]
> *Sent:* Monday, June 10, 2002 10:08 PM
> *To:* Peter Luttrell
> *Cc:* [EMAIL PROTECTED]
> *Subject:* Re: [JBoss-user] [JBOSSSX] Disable Authentication Cache?
>
> at what level? ejb or web?
>
> ----- Original Message -----
> *From:* Peter Luttrell <mailto:[EMAIL PROTECTED]>
> *To:* 'Dmitri Colebatch' <mailto:[EMAIL PROTECTED]>
> *Sent:* Tuesday, June 11, 2002 12:58 PM
> *Subject:* FW: [JBoss-user] [JBOSSSX] Disable Authentication Cache?
>
> thanks again for the info on the other (subjectless) thread.
>
> do you happen to know anything about my other post?
>
> -----Original Message-----
> *From:* [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
> [mailto:[EMAIL PROTECTED]] *On Behalf
> Of *Luttrell, Peter
> *Sent:* Monday, June 10, 2002 2:31 PM
> *To:* '[EMAIL PROTECTED]'
> <mailto:'[EMAIL PROTECTED]'>; 'Scott M Stark'
> *Subject:* [JBoss-user] [JBOSSSX] Disable Authentication Cache?
>
> How do you disable the authentication cache in the
> JaasSecurityManager?
>
>
>
>
_______________________________________________________________
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
