This content has been marked as final.
Show 3 replies
-
1. Re: Re-login a user programmatically after changing his pass
mohammadk May 21, 2008 12:50 PM (in response to mohammadk)"mohammadk" wrote:
What's the best way to re-login a user programmatically to the system after he changes his password?
We need to do so because after changing user's password, all the back-end calls from web-tier to ejb-tier fail with invalid user-id/password error message.
Also how can we force JBoss to refresh roles assigned to a logged-on user without forcing him to re-login again?
Thanks,
Does anybody know where JBoss 4.0.4.GA stores user's password when using JaasSecurityManager and DatabaseServerLoginModule? -
2. Re: Re-login a user programmatically after changing his pass
piotr.koper May 23, 2008 2:10 AM (in response to mohammadk)I think JBoss stores password in cache. Try to clear cache after changing password.
piotr.koper -
3. Re: Re-login a user programmatically after changing his pass
mohammadk May 26, 2008 11:43 AM (in response to mohammadk)"piotr.koper" wrote:
I think JBoss stores password in cache. Try to clear cache after changing password.
piotr.koper
Thanks for the response.
After reading different articles, web-logs and bug descriptions I learned Tomcat is the one that stores password in http session. To clear the stored password you can write a valve for tomcat to do so or if you are running on Jboss 4.2.2 simply use the new WebAuthentication class to re-authenticate the user with new password programmatically.