Thursday, June 26, 2003 06:54:55 Hello Scott.
I am beginner at JBoss security, so sorry for my silly question. As it is written in documentation, the client login module (during login method call) simply binds the username and password to JBoss EJB invocation layer for later authentication on the server. Does the logout method has a remote call inside the realization, during which the auth cache at the server is cleaned from correspondent principal/credential information? -- Best regards, Alexander On Wed, 25 Jun 2003 13:29:54 -0700, you wrote: SMS> There is no way to update the auth cache short of populating it with a SMS> valid authentication. The password change operation should be SMS> invalidating the session and then reestablishing it as part of the SMS> password change form to refresh the auth cache/session and update the SMS> ldap store. SMS> -- SMS> xxxxxxxxxxxxxxxxxxxxxxxx SMS> Scott Stark SMS> Chief Technology Officer SMS> JBoss Group, LLC SMS> xxxxxxxxxxxxxxxxxxxxxxxx SMS> Spencer wrote: >> Currently, my web app uses LDAP to authenticate. When a user changes >> their password in LDAP, it does not get updated in the Auth Cache >> (which is expected behavior), so the old password is valid until the >> user logs in with the new password. >> >> I found the manual entry about flushing the authentication cache, but >> doing so logs the user out of the app. So if I do it upon the password >> change, the user has to log right back in. I would do it upon logout, >> but there's no guarantee that the user will logout, as opposed to just >> closing the browser. >> >> So the question is whether or not there's a way to update a specific >> user's credentials in the Auth Cache without having the user forcibly >> logged off. >> >> TIA, >> Spencer >> ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
