thanks for the reply ragavgomatam. but the problem I am trying to look at is removal of the successful login from the cache. From my example above. Lets say: 1) My DefaultCacheTimeout in jboss-service.xml is set to default (30 mins). 2)I log in as john successfully (username:john, password 1234). Principal john gets cached. 3) I close my browser in 2 minutes. I open my browser after 10 mins. I am prompted with a login screen. 4) I log in, but *incorrectly*. username:john, password 1111. The error page I have defined in my web.xml kicks in. *At this point, I also want to remove from the cache, the successful login from step 2.* 5) So, now, if john goes back to the login page and logs in correctly, I want to authenticate against my database instead of the cache.
For this I needed a way to go through the subjects, catch the correct subject, get the correct principal and remove it from the correct principal set, yes? That is where I am a bit stuck in, how does one get to all the subjects? I can see the principal being set in the commit method, but in logout, the Set is blank. I believe this is because on my second login attempt, the subject is different that the previous one (successful attempt at step 2). Another question is: If we cannot call the logout, how do I log out of my web application? Would I need to try session invalidation? I am confused as to how this will remove the principal from JBoss cache. thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171077#4171077 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171077 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user