1 Reply Latest reply on Jul 30, 2005 12:49 PM by starksm64

    Saved Subject

    peterbuus

      My application uses a custom-built LoginModule giving rights for users to stateful EJBs protected by security-roles.
      This works fine, but I would like to establish an HttpSessionBindingListener that does some cleanup/remove on the user's EJBs on HTTP session timeout.
      This obviously has to be done in the same security context as the original - and now disappeared - user.
      I tried several different approaches without success.
      Does anybody have an idea?

      regards/Peter

        • 1. Re: Saved Subject
          starksm64

          Why isn't this done on the logout method of the custom login module? You can flush the auth cache on session invalidation to trigger this, or use the jboss-web.xml flushOnSessionInvalidation=true attribute on the security-domain element.
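
A sketch of the logout-based cleanup suggested in the reply, as an added example that is not code from either poster or from JBoss. The class name CleanupLoginModule and the UserResources and ResourceHandle types are hypothetical; it assumes the module is stacked after the one that checks the password, and that the container calls logout() on the same Subject when the auth cache is flushed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical module: tracks per-user resources and releases them in logout(). */
public class CleanupLoginModule implements LoginModule {
    /** Hypothetical hook, e.g. a wrapper that calls remove() on a stateful bean. */
    public interface UserResources { void release(); }

    /** Private credential that ties the tracked resources to the Subject. */
    public static final class ResourceHandle {
        final String user;
        final List<UserResources> held = new ArrayList<>();
        ResourceHandle(String user) { this.user = user; }
        public void track(UserResources r) { held.add(r); }
    }

    private Subject subject;
    private CallbackHandler handler;
    private ResourceHandle handle;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user");
        try { handler.handle(new Callback[] { name }); }
        catch (Exception e) { throw new LoginException(e.toString()); }
        if (name.getName() == null) return false;   // nothing to track: ignore this module
        handle = new ResourceHandle(name.getName());
        return true;
    }
    public boolean commit() {
        if (handle == null) return false;
        subject.getPrivateCredentials().add(handle); // survives until logout()
        return true;
    }
    public boolean abort() { handle = null; return true; }

    /** Cleanup point: release everything tracked for this Subject, then drop the handle. */
    public boolean logout() {
        for (ResourceHandle h : subject.getPrivateCredentials(ResourceHandle.class)) {
            for (UserResources r : h.held) {
                try { r.release(); } catch (RuntimeException e) { /* keep releasing the rest */ }
            }
            h.held.clear();
        }
        subject.getPrivateCredentials().removeIf(c -> c instanceof ResourceHandle);
        return true;
    }
}
```

Application code would fetch the ResourceHandle from the authenticated Subject's private credentials and call track() for each bean it creates.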