1 Reply Latest reply on Jul 18, 2016 8:34 AM by nitin.shukla

    What is the workaround for bug [WFLY-3221] in Wildfly 8.2.0 Final?

    nitin.shukla

      Hello Forum members,

       

      Some time back I moved my web application from JBoss AS 7.1.0 to Wildfly 8.2.0 Final. However, I have hit the issue [WFLY-3221] flushOnSessionInvalidation attribute in jboss-web.xml does not flush user credentials - JBoss Issue Tracker. I have attempted to use the workaround suggested here - security - Wildfly caches roles after logout in a web application - Stack Overflow. However, the solution did not work for me, as I am unable to load the bean and invoke the flushCache method explicitly in my HTTPSessionListener.

       

      Has anyone successfully flushed the authentication cache from the web application? If yes, please share pointers/code to get access to the bean to invoke the flushCache method.

       

      Alternatively, is it possible to do this by issuing a jboss-cli command? I am OK to issue a system command from my listener method to get the workaround for the bug.

       

      I am looking for a quick, effective workaround for this bug, which exists in Wildfly 8.2.0 FINAL. At the moment we do not intend to upgrade to Wildfly 9, where the bug is fixed. I would appreciate it if someone could point to any patch available for Wildfly 8.2.0 that will effectively resolve the issue in the AS, instead of me writing any workaround code in my application.

       

      Thanks.

        • 1. Re: What is the workaround for bug [WFLY-3221] in Wildfly 8.2.0 Final?
          nitin.shukla

          Hello,

           

          Finally I have got this working, but this may not be the best way to flush the authentication cache to work around this bug in Wildfly 8.2.0 FINAL.

           

          I implemented the HTTPSessionListener, overriding the method sessionDestroyed(). From this method, I issue the system command using ProcessBuilder to call the jboss-cli.bat command as below:

           

          jboss-cli.bat -c command="/subsystem=security/security-domain=<SECURITY_DOMAIN_NAME>:flush-cache()"

           

          The undesired effect of this command is that it flushes the full authentication cache for all users logged in, and not just for the user whose session is being destroyed (expired/logging out). I could not find out whether the flush-cache() method above can be passed the Principal User as an argument so as to specifically flush the cache for that user. Any suggestion to flush the cache for a specified user is appreciated.

           

          Thanks.
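
A sketch of the listener described in the reply above, added here as an example and not the poster's own code. Assumptions: the class name, the SECURITY_DOMAIN placeholder, the 30-second timeout and the NOPAUSE variable are illustrative, and jboss-cli.bat sits under the server's bin directory. The command line is built only from constants and passed as an argument list, so no session or request data reaches it.

```java
import java.io.File;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

@WebListener
public class AuthCacheFlushListener implements HttpSessionListener {
    private static final Logger LOG = Logger.getLogger(AuthCacheFlushListener.class.getName());
    // Assumption: placeholder, replace with the security domain from jboss-web.xml.
    private static final String SECURITY_DOMAIN = "SECURITY_DOMAIN_NAME";

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        // Nothing to do when a session is created.
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // jboss.home.dir is set by the server start scripts.
        File cli = new File(System.getProperty("jboss.home.dir"), "bin/jboss-cli.bat");
        // Same command as in the post; flushes the cache for ALL users of the domain.
        ProcessBuilder pb = new ProcessBuilder(cli.getAbsolutePath(), "-c",
                "command=/subsystem=security/security-domain=" + SECURITY_DOMAIN + ":flush-cache()");
        // Assumption: the .bat script waits at a "pause" prompt unless NOPAUSE is set.
        pb.environment().put("NOPAUSE", "true");
        pb.redirectErrorStream(true);
        pb.redirectOutput(ProcessBuilder.Redirect.INHERIT);
        try {
            Process p = pb.start();
            p.getOutputStream().close(); // the CLI gets no stdin, so it cannot block on input
            // Bound the wait so a hung CLI cannot stall session destruction indefinitely.
            if (!p.waitFor(30, TimeUnit.SECONDS)) {
                p.destroyForcibly();
                LOG.warning("flush-cache timed out; cached credentials may still be valid");
            } else if (p.exitValue() != 0) {
                LOG.warning("flush-cache failed with exit code " + p.exitValue());
            }
        } catch (IOException e) {
            LOG.warning("could not start jboss-cli: " + e.getMessage());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }
}
```

A failed or timed-out flush is logged because it means the logged-out user's cached credentials and roles remain in effect until the next successful flush.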