-
1. Re: Re-login a user programmatically after changing his pass
"mohammadk" wrote:
What's the best way to re-login a user programmatically to the system after he changes his password?
We need to do so because after changing user's password, all the back-end calls from web-tier to ejb-tier fail with invalid user-id/password error message.
Also how can we force JBoss to refresh roles assigned to a logged-on user without forcing him to re-login again?
Thanks,
Does anybody know where JBoss 4.0.4.GA stores user's password when using JaasSecurityManager and DatabaseServerLoginModule? -
2. Re: Re-login a user programmatically after changing his pass
I think JBoss stores password in cache. Try to clear cache after changing password.
piotr.koper -
3. Re: Re-login a user programmatically after changing his pass
"piotr.koper" wrote:
I think JBoss stores password in cache. Try to clear cache after changing password.
piotr.koper
Thanks for the response.
After reading different articles, web-logs and bug descriptions I learned Tomcat is the one that stores password in http session. To clear the stored password you can write a valve for tomcat to do so or if you are running on Jboss 4.2.2 simply use the new WebAuthentication class to re-authenticate the user with new password programmatically.