I have extended the DatabaseServerLoginModule with my own custom LoginModule....it works fine.
One thing that I'm trying to do and can't get to work is providing an interface that allows an 'administrator' to delete a user's account. When this occurs, I call flushAuthenticationCache via JMX and through the JMX console I can see that the users's credentials have been removed. The problem I've noticed is that if the user is logged in when I delete his account, he is still allowed to access the application via his browser. I thought that the flushAuthenticationCache with that user's name would force the LoginContext to be called again whenever the user attempts to access the application again. Is this correct? Is there a way to prevent the user from accessing the application other than the methods I describe? BTW, I'm using JBoss 4.0.2. Thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3918766#3918766 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3918766 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
