View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3821193#3821193
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3821193 I tried to inject some addtional codes into JaasSecurityManager to trace the cache status. What I expected is after calling JaasSecurityManagerService.flushAuthenticationCache(String securityDomain, Principal user), the cache shouldn't contain the specified usr. But the result shows another story. 1. The flush method is called in vas.fresh.struts.ChangePasswordAction. 2. After that the JaasSecurityManager is called again to to see if it still has the user and it does. 2004-02-12 11:45:19,043 DEBUG [vas.fresh.struts.ChangePasswordAction] flushed: allen 2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] principal: allen, allowRefresh: true 2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] items: [allen] 2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] validateCache, info=Subject Principal: allen Principal: Roles(members:FreshAdmin) ,1076557512257 2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] principal: allen, allowRefresh: false 2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] items: [allen] What I can do now is to redue "DefaultCacheTimeout" and "DefaultCacheResolution", so the cache will expire very soon. But if it can be flushed right away, that will be superb. Allen ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user