There is a similar problem in using the TimedCachePolicy as the credential cache in the JaasSecurityManager when using SRP. The TimedCachePolicy only removes entries when an existing entry is replaced by a new one for the same Principal, but the SRPPrincipal object will differ every time because of the sessionID. Hence expired credentials will remain behind in the cache indefinitely.
View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3892028#3892028
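The accumulation described in the post above, as an added example that is not part of the original post and is not JBoss code. `SessionPrincipal`, `ReplaceOnlyCache` and `SweepingCache` are hypothetical names for a simplified model: a cache that drops an entry only when the same key is re-inserted, next to a variant that sweeps expired entries regardless of key.

```java
import java.util.HashMap;
import java.util.Map;

public class SessionKeyedCacheDemo {
    // Hypothetical stand-in for a principal whose equality includes a per-login session id.
    record SessionPrincipal(String name, int sessionId) {}
    record Entry(Object credential, long expiresAtMillis) {}

    // Simplified model of the behaviour the post describes: an entry leaves
    // the map only when the same key is inserted again.
    static class ReplaceOnlyCache {
        final Map<SessionPrincipal, Entry> map = new HashMap<>();

        void insert(SessionPrincipal p, Object cred, long now, long ttl) {
            map.put(p, new Entry(cred, now + ttl));
        }
        Object get(SessionPrincipal p, long now) {
            Entry e = map.get(p);
            // Expired entries are hidden from callers but still held in memory.
            return (e == null || e.expiresAtMillis() <= now) ? null : e.credential();
        }
        int size() { return map.size(); }
    }

    // Mitigation sketch (an assumption, not a documented fix): expire by time, not by key.
    static class SweepingCache extends ReplaceOnlyCache {
        @Override void insert(SessionPrincipal p, Object cred, long now, long ttl) {
            sweep(now);
            super.insert(p, cred, now, ttl);
        }
        int sweep(long now) {
            int before = map.size();
            map.values().removeIf(e -> e.expiresAtMillis() <= now);
            return before - map.size();
        }
    }

    // One user logs in repeatedly; every login gets a fresh session id.
    static int simulate(ReplaceOnlyCache cache, int logins) {
        long ttl = 1_000, now = 0;
        for (int i = 0; i < logins; i++) {
            // "key-" + i is a constructed placeholder credential.
            cache.insert(new SessionPrincipal("alice", i), "key-" + i, now, ttl);
            now += 2 * ttl; // each session expires before the next login
        }
        return cache.size();
    }

    public static void main(String[] args) {
        System.out.println("replace-only entries held: " + simulate(new ReplaceOnlyCache(), 1000));
        System.out.println("sweeping entries held:     " + simulate(new SweepingCache(), 1000));
    }
}
```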
