3 Replies Latest reply on Feb 21, 2005 4:21 PM by bbalmer

Clear security roles programatically

bbalmer Feb 21, 2005 2:59 PM

In my web.xml I have the following:

 <security-constraint>
 <web-resource-collection>
 <web-resource-name>HtmlAdaptor</web-resource-name>
 <url-pattern>/pages/management/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>RosyAdmin</role-name>
 </auth-constraint>
 </security-constraint>


 <login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>Rosy</realm-name>
 </login-config>

 <security-role>
 <role-name>RosyAdmin</role-name>
 </security-role>

When a user enters the management area they are prompted for a username/password. Fine. Once they are out of the management area is there a way to clear this so that the next time they enter they are re-prompted? I looked at the session and application headers set but found nothing that I could remove to do this. Is this possible?

Thanks.

1. Re: Clear security roles programatically

bbalmer Feb 21, 2005 4:03 PM (in response to bbalmer)

I tried what I saw in the wiki (I thought this was a similar post)
http://www.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials
but this didn't do the trick.
Actions
2. Re: Clear security roles programatically

starksm64 Feb 21, 2005 4:07 PM (in response to bbalmer)

That is the jaas cache. You need to invalidate the session to clear the web cache. This requires the use of FORM auth. For BASIC auth, there is no way to invalidate the cache because its the browser that is keeping track of what username/password worked and is just sending it. You have to restart the browser or clear its password cache.
Actions
3. Re: Clear security roles programatically

bbalmer Feb 21, 2005 4:21 PM (in response to bbalmer)

Thanks
Actions

Go to original post