Re: [JBoss-user] [JBOSSSX] Disable Authentication Cache?

[Scott M Stark]

Title: Message

Specify an org.jboss.util.CachePolicy implementation that simply returns null for any lookup and caching is disabled.   org.jboss.security.plugins.JaasSecurityManagerServiceMBean {    /**     * Set the location of the security credential cache policy. This is first treated     * as a ObjectFactory location that is capable of returning CachePolicy instances     * on a per security domain basis by appending a '/security-domain-name' string     * to this name when looking up the CachePolicy for a domain. If this fails then     * the location is treated as a single CachePolicy for all security domains.     *     * @param jndiName, the name to the ObjectFactory or CachePolicy binding.     */    void setAuthenticationCacheJndiName(String jndiName); }   xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: Luttrell, Peter To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Sent: Tuesday, June 11, 2002 8:33 AM Subject: RE: [JBoss-user] [JBOSSSX] Disable Authentication Cache? both levels. since the JaasSecurityManager is used for authentication and authorization for both.    i wrote my own LoginModule that verifies name, password and also an account lock (specific to my app) in order to authorize the user. So the following scenario doesn't work:     1) user logs in successfully (accountLock==false)     2) an administrator locks the account     3) the same user attempts to login (accountLock==true) and succeeds. now if my LoginModule were called it would accurately reject the request, but my login module is not called. There appears to be because a cache that is caching positive logins based on only the username and password, hence eliminating the accountLock check that I have.   thus i assume that to fix my problem i need to disable the authentication cache.   .peter -----Original Message----- From: Dmitri Colebatch [mailto:[EMAIL PROTECTED]] Sent: Monday, June 10, 2002 10:08 PM To: Peter Luttrell Cc: [EMAIL PROTECTED] Subject: Re: [JBoss-user] [JBOSSSX] Disable Authentication Cache? at what level?  ejb or web? ----- Original Message ----- From: Peter Luttrell To: 'Dmitri Colebatch' Sent: Tuesday, June 11, 2002 12:58 PM Subject: FW: [JBoss-user] [JBOSSSX] Disable Authentication Cache? thanks again for the info on the other (subjectless) thread.   do you happen to know anything about my other post? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Luttrell, Peter Sent: Monday, June 10, 2002 2:31 PM To: '[EMAIL PROTECTED]'; 'Scott M Stark' Subject: [JBoss-user] [JBOSSSX] Disable Authentication Cache? How do you disable the authentication cache in the JaasSecurityManager? This transmission contains information solely for intended recipient and may be privileged, confidential and/or otherwise protect from disclosure. If you are not the intended recipient, please contact the sender and delete all copies of this transmission. This message and/or the materials contained herein are not an offer to sell, or a solicitation of an offer to buy, any securities or other instruments. The information has been obtained or derived from sources believed by us to be reliable, but we do not represent that it is accurate or complete. Any opinions or estimates contained in this information constitute our judgment as of this date and are subject to change without notice. Any information you share with us will be used in the operation of our business, and we do not request and do not want any material, nonpublic information. Absent an express prior written agreement, we are not agreeing to treat any information confidentially and will use any and all information and reserve the right to publish or disclose any information you share with us.