3 Replies Latest reply on May 28, 2012 6:54 AM by Philippe Marschall

    Flushing credential cache from a login module?

    Philippe Marschall Master

      We have a custom login module that among other things blocks an account once too many login attempts have failed. However this means that after a failed login we have to flush the credential cache in order to protect us from the following scenario:


      1. User enters correct password, credentials are cached
      2. User enters incorrect password several times, account is blocked
      3. User enters correct password; because this matches the credentials in the cache, the check whether the account is blocked is skipped and the block does not work


      In AS 5.1 that was easy because we could directly access the MBean. Is there a similar solution for AS 7.1?