0 Replies Latest reply on Jul 30, 2012 1:17 PM by prabhar

    SSO implementation using SPNEGO login module and Credentials cache

    prabhar

      Hi,

      We have a J2EE application that has a servlet as an entry point and uses stateless session beans for business logic. The application uses JAAS login modules for authentication and authorization. One authentication scheme we use is SSO with the JBoss SPNEGO login module, which provides seamless login to the application for users who are already logged in to an MS Active Directory domain.

      In our application there is a function that can be used to clear various caches. In the process of clearing the caches, the JBoss Credentials cache is also cleared. This causes problems with SSO login. When the Credentials cache is cleared in a system that uses JBoss SPNEGO, the users who have logged on to the system at that moment get their credentials wiped off. Thus subsequent client requests to the EJBs cause an exception which says "EJB Invocation exception - Invalid user". I think this is because the user credentials are no longer available in the cache.

      Can someone help me with any suggestions on what we can do here to avoid this behaviour? Is there a way to configure the SPNEGO login module such that it will get the credentials again from the response instead of the cache when no entries are available in the cache?

       

      Thanks!

      Prabha