Thursday, June 26, 2003 08:05:25
I looked in to ClientLoginModule.logout() method and found that it
only delegate control to SecurityAssociation.clear() method. This
method checks the System permissions to ensure that it is possible to
access principal information:
SecurityManager sm = System.ge
Previously I said there was no way short of performing an authentication
to place an entry in the auth cache. This is true of the default cache,
but you can install your own org.jboss.util.CachePolicy instance for use
by the security manager and this would allow you to directly manipulate
the c
Thursday, June 26, 2003 06:54:55
Hello Scott.
I am beginner at JBoss security, so sorry for my silly question. As
it is written in documentation, the client login module (during login
method call) simply binds the username and password to JBoss EJB
invocation layer for later authentication on the
There is no way to update the auth cache short of populating it with a
valid authentication. The password change operation should be
invalidating the session and then reestablishing it as part of the
password change form to refresh the auth cache/session and update the
ldap store.
--
x
Currently, my web app uses LDAP to authenticate. When a user changes
their password in LDAP, it does not get updated in the Auth Cache
(which is expected behavior), so the old password is valid until the
user logs in with the new password.
I found the manual entry about flushing the authenticatio
