I see. Thanks for the Wiki page link. I am still concern to rely on the client code to do the proper flushing (in my case, I have a remote EJB application). I guess I could flush the cache before any new call to loginContext.login, but this will still not solve my problem of not sharing the server side principal object between two clients using the same credentials (I am using a custom principal class to keep extra information that should not be shared between two clients using the same credentials).
If I write my own client custom login module, could I generate a unique number at login time that JBoss could consider as part of the user credential? I could then take advantage of all the authentication caching capabilities and still have unique "credentials" and principal object for each call to loginContext.login. Does that make sense? Thomas View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3876535#3876535 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3876535 ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user