This content has been marked as final.
Show 3 replies
-
1. Re: why it is possible to login with old password in JAAS(Da
j2ee_junkie Aug 3, 2006 8:14 AM (in response to gssbhaskar)Baskar,
After a password is changed, the user must be logged out of application (i.e. JBossSX cache flush). If your UI is web-based, this usually can occure by invalidating the web session. Is this step happening? You can verify what principals are in the cache via the jmx-console (mbean: jboss.security:service=JaasSecurityManager).
cgriffith -
2. Re: why it is possible to login with old password in JAAS(Da
gssbhaskar Aug 10, 2006 1:14 AM (in response to gssbhaskar)Hi
After changing the password user is not logged out( i am not invalidating the session).
But i manually logged out, and i can login with old password.
is any configeration to jboss, so that it always picks the password from database? not from cache? -
3. Re: why it is possible to login with old password in JAAS(Da
jaikiran Aug 10, 2006 1:45 AM (in response to gssbhaskar)