Hi ,
I am using JAAS Security Manager for my application.
The loginModule used is DatabaseServerLoginModule.
The user, password information and user role information is stored in database.
In my application user's roles may get updated based on some actions.
The problem i am facing is:
when the user's roles change jboss is not reflecting that information in the sense that the
user is not able to access some resources which he should be able to access as his roles are changed now.
I understood that this is something related to cache. So i set some small value for the
DefaultCacheTimeout attribute of JassSecurityManager mbean in the jboss-service.xml file and it helped but is this the only method to tell jboss about when to refresh the cache to get the user credentials or is there any other method to set the cachetimeout. Because if i define small value for DefaultCachetimeout for JassSecurity Manager the load on the jboss is increasing as there are lot of other applications running.
Can somebody tell me how to set JAAS security manager using DataBaseServerLoginModule such that it always gets the correct user role mapping information from the database.
Thanks
Anju
Do you Yahoo!?Friends. Fun. Try the all-new Yahoo! Messenger