5 Replies Latest reply on Jun 19, 2009 6:06 AM by vladoseprak

    Problem with cach when a user modifies his password on JBoss

    mkol
    mkol Oct 1, 2008 9:15 AM

      Hi,

      I use JBoss AS 4.05, JBoss Portal 2.6.3 and OpenLDAP. When a user logs on the portal, JBoss Portal verifies if the login exists in OpenLDAP, and it verifies if the password is the same too.
      It works but I created a portlet to modify the password of the loggued user. And I have the problem below :

      My user "toto" has the password "password1". My user "toto" logs on the portal with the password "password1". He uses the portlet to modify his password. The new password is "password2". He logs out on the portal.
      In OpenLDAP, the password has been correctly updated. But when the user "toto" logs on the portal, he is able to be logged with the old password and with the new password.

      It's not a cookie problem. Because I have this problem even if I use another browser on another computer.

      I have to restart Jboss to resolve this problem. When I restart JBoss, only the new password works.

      So I think it's a cach problem with JBoss Portal. I saw the link below:
      http://wiki.jboss.org/wiki/CachingLoginCredentials

      But even if I did "Disabling Caching", "Crendential Cache with Client Login Module Propogation", and "Flush the Credential Cache" with the JMX consol, the probleme didn't resolve.

      Do you know how I can resolve it?
      Thank you.

      • 2752 Views
      • Tags:
        • 1. Re: Problem with cach when a user modifies his password on J
          mkol
          mkol Feb 3, 2009 6:51 AM (in response to mkol)

          Nobody knows? I really need some help...

          Do you think that it's the same problem with this bug? : https://jira.jboss.org/jira/browse/JBPORTAL-2025

          I use JBoss Portal 2.6.3.
          When I logout on JBoss Portal, what happens with the different sessions? The jboss session timeout is launched, isn't it?

          And very important, how long do I have to wait to be sure that the cach is flushed?

            • Actions
          • 2. Re: Problem with cach when a user modifies his password on J
            prabhat.jha
            prabhat.jha Feb 4, 2009 3:35 PM (in response to mkol)

            You should try using the latest version for JBoss Portal 2.6 series.

              • Actions
            • 3. Re: Problem with cach when a user modifies his password on J
              mkol
              mkol Feb 5, 2009 12:56 PM (in response to mkol)

              Well, the application which uses JBoss Portal was delivered a long time ago. I can't tell to my customer to replace the application with a new version of Jboss Portal if I don't know where is the problem, and if I'm not sure that the problem will be resolved with a new version.

              I just want to know where is the problem...

                • Actions
              • 4. Re: Problem with cach when a user modifies his password on J
                ergautam
                ergautam Feb 17, 2009 8:50 PM (in response to mkol)

                I am having similar problem, when i change roles of a user, he logs out and logs in back, he still has access to the modules which were mapped to his earlier roles.

                When i tried to delete that user i got this error:

                2009-02-17 16:37:30,904 WARN [org.hibernate.util.JDBCExceptionReporter] SQL Error: 2292, SQLState: 23000
                2009-02-17 16:37:30,905 ERROR [org.hibernate.util.JDBCExceptionReporter] ORA-02292: integrity constraint (B2BPORTALADMIN26.FKF410173866F4DA65) violated - child record found

                2009-02-17 16:37:30,905 WARN [org.hibernate.util.JDBCExceptionReporter] SQL Error: 2292, SQLState: 23000
                2009-02-17 16:37:30,906 ERROR [org.hibernate.util.JDBCExceptionReporter] ORA-02292: integrity constraint (B2BPORTALADMIN26.FKF410173866F4DA65) violated - child record found

                2009-02-17 16:37:30,907 ERROR [org.hibernate.event.def.AbstractFlushingEventListener] Could not synchronize database state with session
                org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update
                at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:71)
                at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
                at org.hibernate.jdbc.AbstractBatcher.executeBatch(AbstractBatcher.java:253)


                when i tried to delete the user second time, the user got deleted.

                I created the user again and now his new roles are working, but i have lost confidence in the Role based access provided by portal.

                Any remedies for this kind of issue ..

                  • Actions
                • 5. Re: Problem with cach when a user modifies his password on J
                  vladoseprak
                  vladoseprak Jun 19, 2009 6:06 AM (in response to mkol)

                  Hello,

                  I'm having the same problem with JBoss Portal 2.7.1 authenticating with OpenLDAP. Im using user administration portlet (shipped with portal) for changing user password, but I can access portal with old password as well. Even http://www.jboss.org/community/wiki/CachingLoginCredentials didn't help. Is there some other way or setting that can solve this problem.

                  Thanks.

                    • Actions