Hi,

We have a web application with declarative security. The custom login module we wrote fetches the user's credential(s) and role principals from a database.

The first time a user logs in, everything works fine, meaning that the login() and commit() methods are called. But when the user closes his browser and logs in again, these methods are not called any more? (caching mechanism?) Consequently, if the user's role(s) might have been changed in the database, the new settings would not be active?! (When we do flushAuthenticationCache and try again, database access does occur.)

How can we prevent this, so the Subject's principals are ALWAYS updated?

Thanks in advance!

Wonne Keysers

PS: using jboss-3.0.6