[jboss-user] [Security JAAS/JBoss] - Re: Help ... flushAuthenticationCache don't work
Hi use your security-domain name as argument for the flushAuthenticationCache() operation. Tested with jboss-3.2.5 Your security-domain name is : ReportingServcieJAAS in this case invoke : flushAuthenticationCache(ReportingServcieJAAS) 1. start jmx-console and select jboss.security-service=JaasSecurityManager 2. select OperationName : flushAuthenticationCache and insert ReportingServcieJAAS as argument. 3. Invoke the operation Now your AuthenticationCache should be flushed. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4024151#4024151 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4024151 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Help ... flushAuthenticationCache don't work
THX for the reply The problem is more complex, we do a password change and want the current session to use the new password for any EJB access call -- nipunbatra indeed this is a solution but we want to avoid an authorization call (remote in our case) for each EJB access, that's why we enable the caching -- ecoray We do this flush but the problem is when the flush is done and you do a logout the EJB destroy methods are called and because the cache is flushed the applic wants to reauthenticate for EJB access but he uses the password before the change and causes several attempts to login with the user which causes the user to block (if you login 3 times with different password our login module blocks the user) I tried the SecurityAssociaton.setCredential but at next login the old password is still ini the securityassociation object, so it seems more than one securityassociation object is stored in the cache View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4024175#4024175 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4024175 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: Help ... flushAuthenticationCache don't work
try this in your jboss_home/server/conf/jboss-service.xml try to modify cache params mbean code=org.jboss.security.plugins.JaasSecurityManagerService | name=jboss.security:service=JaasSecurityManager | !-- A flag which indicates whether the SecurityAssociation server mode | is set on service creation. This is true by default since the | SecurityAssociation should be thread local for multi-threaded server | operation. | -- | attribute name=ServerModetrue/attribute | attribute name=SecurityManagerClassNameorg.jboss.security.plugins.JaasSecurityManager/attribute | attribute name=DefaultUnauthenticatedPrincipalanonymous/attribute | !-- DefaultCacheTimeout: Specifies the default timed cache policy timeout | in seconds. | If you want to disable caching of security credentials, set this to 0 to | force authentication to occur every time. This has no affect if the | AuthenticationCacheJndiName has been changed from the default value. | -- | attribute name=DefaultCacheTimeout0/attribute | !-- DefaultCacheResolution: Specifies the default timed cache policy | resolution in seconds. This controls the interval at which the cache | current timestamp is updated and should be less than the DefaultCacheTimeout | in order for the timeout to be meaningful. This has no affect if the | AuthenticationCacheJndiName has been changed from the default value. | -- | !-- attribute name=DefaultCacheResolution60/attribute -- |/mbean Also in your jboss-web.xml define flushOnSessionInvalidation=true jboss-web | security-domain flushOnSessionInvalidation=true java:jaas/eluminate/security-domain | /jboss-web | Let me know if it works Thanks Nipun View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4022662#4022662 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4022662 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user