The best way would be to provide your own implementation of the CachePolicy
(org.jboss.util.CachePolicy) that is used by the JaasSecurityManager so that you
could invalidate the cache when a user's roles have been updated. The default
CachePolicy implementation is a TimedCachePolicy so after a time the login module
should be reexecuted and new roles picked up. You set the JaasSecurityManager
CachePolicy implementation using the AuthenticationCacheJndiName attribute.
This is the JNDI name under which the CachePolicy implementation you want
to use is bound:
org.jboss.security.plugins.JaasSecurityManager
org.jboss.security.SubjectSecurityProxyFactory
DynamicUserCache
You would create a custom MBean to initialize your CachePolicy implementation and
bind it into JNDI under the "DynamicUserCache" location used above.
- Original Message -
From: "Tobias Seelinger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 05, 2001 8:07 AM
Subject: [JBoss-user] JaasSecurityManager logout
> Hi,
>
> I have read the JAAS Howto and implemented my own server LoginModule.
> Now I like to integrate a feature for dynamically changing the list of
> user roles. A user passes the authentication via login and now he
> receives another role. But the LoginModule is never called again after
> the first authentication. The JaasSecurityManager has a cache for valid
> principals. To add a new role, I have to initialize the role list again.
>
> Maybe this could be done with a logout (old principal and role list gets
> invalid) and a new login/authentication. But I have no idea if this is
> possible with JaasSecurityManager or if this is a good idea at all.
>
> Tobias
>
> ___
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
>
___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
