This content has been marked as final.
Show 3 replies
-
1. Re: How to flush the old password
ragavgomatam Aug 28, 2008 10:29 PM (in response to oldreaper)Do a HttpSession.invalidate() to enable jboss clear the cached Principal & then ask the user to re-login with new credentials
-
2. Re: How to flush the old password
oldreaper Aug 29, 2008 7:36 AM (in response to oldreaper)Although this is a solution, but caching private credentials seems not appropriate. The JAAS specification does not enforce not caching private credentials, but it argues that it is better to clean the private credentials. So, the developer should have a chance to specify such a behavior when the application is configured, but not programmaticly.
-
3. Re: How to flush the old password
erasmomarciano Aug 29, 2008 8:51 AM (in response to oldreaper)Try to
You have to edit the conf/jboss-service.xml and set attribute DefaultCacheTimeout to 0
0
bye bye Erasmo Emilio