3 Replies Latest reply on Feb 18, 2004 8:23 AM by starksm64

    How to configure SecurityManager NOT to cache Subject

    lazarusli

      I am developing a web application making use of DatabaseServerLoginModule for user authentication purpose. I understand that setting the DefaultCacheTimeout (in jboss-service.xml) to a very small value forces the cached principals to be revalidated more frequently.

      Is it possible to configure SecurityManager NOT to cache the authenticated Subject and always lookup the database to perform login and retrieve the Role set? Also, I need this authentication be done only when a user is explicitly logging in from the login page.