2 Replies Latest reply on May 6, 2004 4:41 PM by gregkly

Jboss caches credentials

montesther Sep 5, 2003 6:52 AM

Hi,

We are using Jboss 3.2.1, and we have correctly configured a ldap login module for JAAS authentication. The problem is that when we change an user's profile in the LDAP, and we authenticate ourselves using that recently updated user, JBoss does not recognize the new profile. Does Jboss cache the user credentials and profile information? In that case, does someone know how can we disable it?

Thanks.

1. Re: Jboss caches credentials

gregkly May 6, 2004 11:01 AM (in response to montesther)

Hi we run through the same problem.
I found (http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas.html) this information regarding caching:
"Note that you can configure the JaasSecurityManager to use a cache of authentication information so that a JAAS login is not performed on every method invocation. If no cache is specified in the JaasSecurityManager's configuration, a timed cache is used by default."

From our test JBoss refresh cached authentication information in 30 minutes range (30 minutes after change was made actually).
I still looking to configure caching mechanizm (change cached time, enforce refreshing...)
If you get more information regarding caching, can you share it?
Actions
2. Re: Jboss caches credentials

gregkly May 6, 2004 4:41 PM (in response to montesther)

There are two solutions for Authentication caching, that I was able to find:
1. Set Cached timeout (by default it is 30 minutes)
This site explains how to do it:
http://www.timfanelli.com/index.php?p=6
2. Flush authentication info.
This site has solution:
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=45932
Actions

Go to original post