Can somebody tell me exactly what the AuthenticationCache
is used for?
I'm having problems with users logging in, and then being
assigned the wrong credentials. My application logs in a
"guest" user when it is first accessed, and then real users
can use a login page to log in. Immediately following
login, I'm printing the subject's principals. The problem
is that after a real user is logged in, the principals being
displayed in my debug output are the guest's, and not the
real user's.
In an effort to fix this problem, I've been playing around
with the org.jboss.security.plugins.JaasSecurityManagerService
MBean. It has two methods of interest:
getAuthenticationCachePrincipals()
flushAuthenticationCache()
If I log in to the application with "user1", and then run
the getAuthenticationCachePrincipals() method from the MBean,
then it returns: "[user1]"
However, as stated above, the debug output in the JBoss console
states that "user1" has successfully logged in, and then it
lists the guest's principals, as if it were the guest that logged
in and not "user1".
Anyway, if I then run the flushAuthenticationCache() method, and
then the getAuthenticationCachePrincipals() method again, it
returns: "[]"
However, this has zero effect on the behavior of my application.
Can somebody tell me what the AuthenticationCache is used for,
and is it at all related to the principals that are returned
by a call to the LoginContext.getSubject().getPrincipals() method?
It's a cache between the security manager and the authentication source (such as an LDAP server) so that each request coming in would not require access to another process (slow).
-- Juha