1 Reply Latest reply on Nov 1, 2003 8:34 AM by juha

    AuthenticationCache

    jkuhn

      Can somebody tell me exactly what the AuthenticationCache
      is used for?

      I'm having problems with users logging in, and then being
      assigned the wrong credentials. My application logs in a
      "guest" user when it is first accessed, and then real users
      can use a loggin page to log in. Immediately following
      login, I'm printing the subject's principals. The problem
      is that after a real user is logged in, the principals being
      displayed in my debug output are the guest's, and not the
      real user's.

      In an effort to fix this problem, I've been playing around
      with the org.jboss.security.plugins.JaasSecurityManagerService
      MBean. It has two methods of interest:

      getAuthenticationCachePrincipals()
      flushAuthenticationCache()


      If I login to the application with "user1", and then run
      the getAuthenticationCachePrincipals() method from the MBean,
      then it returns: "[user1]"

      However, as stated above, the debug output in the JBoss console
      states that "user1" has successfully logged in, and then it
      lists the guest's principals, as if it were the guest that logged
      in and not "user1".

      Anyway, if I then run the flushAuthenticationCache() method, and
      then the getAuthenticationCachePrincipals() method again, it
      returns: "[]"



      However, this has zero affect on the behavior of my application.

      Can somebody tell me what the AuthenticationCache is used for,
      and is it at all related to the principals that are returned
      by a call to the LoginContext.getsubject().getPrincipals() method?

        • 1. Re: AuthenticationCache

          It's a cache between the security manager and the authentication source (such as a LDAP server) so that each request coming in would not require access to another process (slow).

          -- Juha