0 Replies Latest reply on Jan 15, 2008 1:23 PM by jdsignature

    how jboss container should behave

    jdsignature
    jdsignature Jan 15, 2008 1:23 PM


      The jboss customized login module implemented:

      here is the issues:

      1. user login to access the application properly;
      2. user simply exited the browser;
      3. use relogin to the app , the login module bypassed because of the user credential caching.

      to solve the problems:

      1. either set the defaulttimeout = 0 or
      2 put the following code to the app:

      try{
      ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
      Object[] params = {domain};
      String[] signature = {"java.lang.String"};
      MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
      server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
      }catch(Exception ee) {}


      questions:

      1. should the container called the logout() implicitly when user exit the browser?

      2.if the answer is no for question 1, what is the right way to flush the user credentials? set the defaulttimeout = 0 or use the above code?

      3. what is the difference between set the defaulttimeout = 0 and the code above to explicitly flush the user credentials?


      thanks for your help

      • 948 Views
      • Tags: