Application Server 3 4 5 and 6 / JBAS-7730

WebAuthentication - unable to remove Principal from Cache

    • Type: Bug
    • Resolution: Obsolete
    • Priority: Minor
    • No Release
    • JBossAS-4.2.3.GA
    • Web Services
    • None
    • Windows XP, Java 6.0.17, MSSQL db

    • Low

      After logging in, put a check in your code to retrieve the info from the database to make doubly sure.

      http://community.jboss.org/wiki/CachingLoginCredentials

      I've tried basically all of the above to make sure that a Principal that is logged in and wishes to delete his account is properly logged out so that his Principal is no longer cached by the JaasSecurityManagerService.

      We've already had all of the below:

      • (new WebAuthentication).logout()
      • HttpSession.invalidate()
      • add flushOnSessionInvalidation="true" to jboss-web.xml

      Tried adding code for Programmatic Flushing via JMX, but it did not have any effect.

      Disabling Caching

      • This worked, but was unacceptable, seeing as the number of attempts to authorize using the database increased dramatically.
      • Currently we have a DefaultCacheTimeout set to 9600 seconds, and after that time, the account is indeed removed from the Cache and the database is once more contacted to retrieve the Principal.

              rhn-support-asoldano Alessio Soldano
              maartenl_jira Maarten van Leunen (Inactive)
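
The stale-cache behaviour reported above and the suggested post-login database check, modelled as an added example (not code from the issue or from JBoss). The class, its in-memory account set and the user name are constructed stand-ins, and password checking is omitted; only the 9600-second timeout comes from the report.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Model of a timed authentication cache in front of an account database (not JBoss code). */
public class StalePrincipalCheck {
    static final long CACHE_TIMEOUT_SECONDS = 9600; // DefaultCacheTimeout from the report

    private final Set<String> accounts = new HashSet<String>();          // stands in for the database
    private final Map<String, Long> cache = new HashMap<String, Long>(); // user -> expiry (seconds)

    void createAccount(String user) { accounts.add(user); }

    /** Deletes the account row only; the cached entry is left in place, as in the report. */
    void deleteAccount(String user) { accounts.remove(user); }

    /** Container-style login: a live cache entry is trusted without contacting the database. */
    boolean login(String user, long now) {
        Long expiry = cache.get(user);
        if (expiry != null && now < expiry) {
            return true;                       // cache hit, possibly stale
        }
        cache.remove(user);                    // expired or absent: fall back to the database
        if (!accounts.contains(user)) {
            return false;
        }
        cache.put(user, now + CACHE_TIMEOUT_SECONDS);
        return true;
    }

    /** Workaround: after a successful login, confirm against the database before proceeding. */
    boolean loginWithRecheck(String user, long now) {
        return login(user, now) && accounts.contains(user);
    }

    public static void main(String[] args) {
        StalePrincipalCheck app = new StalePrincipalCheck();
        app.createAccount("alice");            // constructed sample user
        System.out.println("t=0    login:           " + app.login("alice", 0));
        app.deleteAccount("alice");
        System.out.println("t=60   login (deleted): " + app.login("alice", 60));
        System.out.println("t=60   with recheck:    " + app.loginWithRecheck("alice", 60));
        System.out.println("t=9600 login (expired): " + app.login("alice", 9600));
    }
}
```

The recheck costs one database lookup per login rather than one per authorization, which is the trade-off against disabling the cache entirely.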