jfc wrote: just thought I'd change the message subject to be more relevant as I'm still stuck on this.
Scott M Stark wrote: I tried flushing the cache from within the logout servlet and I am still getting 'logged-in' results from requests which should be seen as new and unauthenticated.
From the 3.0.7 release notes: sorry, should have thought to look there. (thanks)
comments:
Add a flushAuthenticationCache(String securityDomain, Principal user)
operation to allow a single user to be flushed from the authentication cache.
Scott Stark
Chief Technology Officer
JBoss Group, LLC
----- Original Message -----
From: "jfc" <[EMAIL PROTECTED]>
To: "jboss-user" <[EMAIL PROTECTED]>
Sent: Wednesday, May 28, 2003 3:04 AM
Subject: [JBoss-user] security question: removing an individual user from authent cache
Hi,
I would like to know whether or not I need to upgrade my current version of JBoss (308RC1 bundled with tomcat 4.1.24 LE1.4) in order to acquire functionality/support for removing an individual user from the authentication cache when he logs out of the web application.
If this is possible to do without upgrading, I would like to know how to do it as I have had problems upgrading to 3.2.1 and I'm not sure when I will be able to resolve the problem.
thanks for any help jfc
------------------------------------------------------- This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Right, so I have a running instance of jboss 308RC1 and tomcat4124 LE14. I am experiencing problems - it breaks down like this:
1. admin user logs in to web app successfully (configured via jboss-web.xml and web.xml to use my jboss security domain aka login-config.xml);
2. Same user submits a request which gets routed to search ejb which queries the user's role to find out whether the user is in a particular role (say 'admin').
The result of the query is yes, caller is in role 'admin' and so additional criteria are applied to the search. This works well;
3. user logs out of the web application (httpSession.invalidate() and response.redirect("myIndex.jsp"));
4. I invoke flushAuthenticationCache() with the my-sec-dom security domain parameter as per above (via jmx-console);
5. I start up a konqueror instance and navigate to the site submitting a nobody search which is seen as such by the ejb;
6. I then return to the mozilla window and again submit a search request.
The ejb sees the old user still as being logged in because it returns true to isCallerInRole("admin");
7. When I submit again from Konqueror, it still thinks I am in admin.
What am I doing wrong/missing? Could it be because I am not flushing the cache from within the same web-tier thread?
Any help is appreciated. jfc
------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
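An added example, not code from any poster in this thread or from the JBoss project: a logout servlet that invalidates the session and then calls the per-user flushAuthenticationCache(String, Principal) operation quoted from the release notes. The MBean name `jboss.security:service=JaasSecurityManager`, the class name `LogoutServlet`, and the use of `org.jboss.security.SimplePrincipal` as the cache key are assumptions; `my-sec-dom` and `myIndex.jsp` are taken from the messages above.

```java
import java.io.IOException;
import java.security.Principal;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jboss.security.SimplePrincipal;

public class LogoutServlet extends HttpServlet {
    // Assumption: domain name as written in the thread, without a java:/jaas/ prefix.
    private static final String SECURITY_DOMAIN = "my-sec-dom";
    // Assumption: object name of the JAAS security manager service MBean.
    private static final String JAAS_MANAGER = "jboss.security:service=JaasSecurityManager";

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Capture the caller before the session is destroyed.
        Principal caller = req.getUserPrincipal();
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        if (caller != null) {
            try {
                flushUser(caller.getName());
            } catch (Exception e) {
                // Surface the failure: a silent miss leaves cached credentials behind.
                throw new ServletException("auth cache flush failed", e);
            }
        }
        resp.sendRedirect("myIndex.jsp");
    }

    // Invokes the two-argument flush operation for one user in one security domain.
    private void flushUser(String username) throws Exception {
        MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
        Object[] params = { SECURITY_DOMAIN, new SimplePrincipal(username) };
        String[] signature = { "java.lang.String", "java.security.Principal" };
        server.invoke(new ObjectName(JAAS_MANAGER), "flushAuthenticationCache", params, signature);
    }
}
```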
any further help is appreciated.
jfc
jfc