I breakpoint on this line during login:
    ((JNDIAndSaltAwareJdbcRealm) r).getAuthenticationCache();
which returns null in this:
    public class JNDIAndSaltAwareJdbcRealm extends JdbcRealm {
        ...
        protected SaltedAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                throws AuthenticationException {
            ...
            for (Realm r : ((RealmSecurityManager) SecurityUtils
                    .getSecurityManager()).getRealms())
                if (JNDIAndSaltAwareJdbcRealm.class.isInstance(r)) {
                    ((JNDIAndSaltAwareJdbcRealm) r).getAuthenticationCache();
                }
            ...
        }
    }
I need to log out a given user that is currently logged in programmatically,
for the following use case and perhaps an admin command later.
The use case is this:
I've implemented logic for preventing an account being logged into
concurrently.
Suppose that somehow someone comes into possession of the user/password of
the account creator and uses his account w/ or w/o his permission. I want to
give the main user/creator, the one who registered the account and knows its
email, the ability to reclaim his account by doing the following:
> use an "I forgot my password" link
> enter account email (unique)
> get a confirmation link in email
> on link activation, the password is changed and all other instances of the
> account must be logged out (only one can exist, because there can't be any
> two other logged in at one time); the user gets the new password in his
> email (and is advised to change it after login)
That way the account is recoverable.
So the question is:
How to log out a logged in account programmatically?
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/how-to-log-out-programatically-authentication-cache-problem-tp7420486p7420486.html
Sent from the Shiro User mailing list archive at Nabble.com.
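
The forced-logout step of the recovery flow described in the post, as an added example that is not part of the original message or of Shiro itself. It assumes Shiro native sessions (a DefaultSessionManager or subclass backed by a SessionDAO) and that the realm's primary principal is the username; ForcedLogout and logoutEverywhere are hypothetical names.

```java
import java.util.ArrayList;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.support.DefaultSubjectContext;

/** Hypothetical helper (not from the post): ends every active session of one account. */
public final class ForcedLogout {

    private ForcedLogout() {}

    /**
     * Stops all Shiro-managed sessions whose primary principal equals username.
     * Call it right after the new password has been stored, so the old
     * credentials cannot be used to open a fresh session.
     *
     * @return number of sessions that were terminated
     */
    public static int logoutEverywhere(String username) {
        // Assumption: the application uses DefaultSecurityManager or a subclass.
        DefaultSecurityManager sm = (DefaultSecurityManager) SecurityUtils.getSecurityManager();
        SessionManager manager = sm.getSessionManager();
        if (!(manager instanceof DefaultSessionManager)) {
            // Container-managed sessions cannot be enumerated through Shiro.
            throw new IllegalStateException("Shiro native sessions are required");
        }
        SessionDAO dao = ((DefaultSessionManager) manager).getSessionDAO();
        int stopped = 0;
        // Copy first: deleting while iterating a live view is DAO-dependent.
        for (Session s : new ArrayList<Session>(dao.getActiveSessions())) {
            Object attr = s.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            if (!(attr instanceof PrincipalCollection)) {
                continue; // anonymous session, nobody logged in on it
            }
            Object primary = ((PrincipalCollection) attr).getPrimaryPrincipal();
            if (username.equals(primary)) {
                s.stop();      // mark the session as stopped
                dao.delete(s); // drop it from the store so later lookups fail
                stopped++;
            }
        }
        return stopped;
    }
}
```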