[ http://issues.apache.org/jira/browse/JS2-302?page=all ]
Ate Douma resolved JS2-302:
---------------------------
Fix Version: 2.0-M4
Resolution: Won't Fix
Michael,
This is an JBoss specific issue which I think is unlikely to be solved in
Jetspeed as you need to use JBoss specific api to clear the credential cache.
And, as we cannot include *any* JBoss api specific code under Apache license,
I'm resolving this as Won't Fix.
If you have other thoughts/solutions in mind, then please reopen.
> Password change not propagated to JBoss
> ---------------------------------------
>
> Key: JS2-302
> URL: http://issues.apache.org/jira/browse/JS2-302
> Project: Jetspeed 2
> Type: Bug
> Components: Security
> Versions: 2.0-dev/cvs
> Environment: JBoss/HSQL
> Reporter: Michael Lipp
> Assignee: Ate Douma
> Fix For: 2.0-M4
>
> In Tomcat/JBoss the credentials used to authenticate in the Web tier (Tomcat)
> are save in some "global variables" during login. This information is
> subsequently used when a servlet tries to access an EJB. This happens in the
> security "adaption layer" of tomcat.
> If a user changes his or her password, the saved credentials are not updated,
> and as a consequence all accesses to EJBs fail. A workaround is to logout and
> re-login after a password change (for the advanced user who knows what
> happens ;-)).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
