-
1. Re: CustomLoginModule does not work because of cache?
juhalindfors Feb 15, 2003 5:32 AM (in response to gksands)See JaasSecurityManagerMBean, it allows you to configure the cache, including timeout. Notice that disabling it completely will have a performance effect on your application.
-
2. Re: CustomLoginModule does not work because of cache?
gksands Feb 18, 2003 10:02 AM (in response to gksands)I really do not want to disable cache.
I do not want to use my own security proxy as well, because what I am trying to acheive is in addition to the functionalities already provided by the JBoss Login modules.
Is there any other way to get around this?
Thank you,
Sony -
3. Re: CustomLoginModule does not work because of cache?
jbriscoe Sep 7, 2004 4:58 PM (in response to gksands)Did you ever find a solution to this problem? I am having the same problem and I don't want to set the cach to 0.
Thanks,
Jacob -
4. Re: CustomLoginModule does not work because of cache?
starksm64 Sep 11, 2004 9:22 PM (in response to gksands)If you want the login modules to execute every time an authentication request is needed, you have to disable the cache. You can't have it both ways. Explain why you don't want the cache disabled if you want the login modules to execute?
-
5. Re: CustomLoginModule does not work because of cache?
jbriscoe Sep 13, 2004 10:22 AM (in response to gksands)I don't want to set the cache to 0 because, I need a running list of authenticated users on the server. But at the same time I need the server to attempt to authenticate when a login is requested and the username and password is already authenticated. I think the JBoss or Tomcat code looks like this (hypothetically) when j_security_check is requested :
// 1) Check: same user login
if(listOfUsers.getUsername().equals("newUsernameLogin")){
// 1a) Re-Init user session of found user....
}else{
// 2) Check: against datasource for valid username and/or password...
// 2a) If ok; then proceed and create NEW session.
}
The reason I need to do this is to check if a user is already logged in from another location. I can think of about a 1000 other ways of performing this check, but I believe this should be handled better on the Application Server side, in this case JBoss.
Thanks,
Jacob -
6. Re: CustomLoginModule does not work because of cache?
starksm64 Sep 13, 2004 11:14 AM (in response to gksands)So your coupling the list of active users to the cache. To ask that the cache maintains the user list and then is ignored in terms of deciding whether the login module stack should be executed is not a reasonable expectation as far as I can see. You can certainly maintain your own list, or write your own cache implementation. See chap 8 in the online manual for more info on the latter.