I'm using JBoss 3 RC2, DatabaseServerLoginModule, and BASIC auth-method. I also wrote an web page that accesses an EJB to change user, and role settings. The EJB makes changes immediately to the database.
In general, the login module works fine. However, if a user logs in, and changes his/her own password (or role) using the web page, the user's setting doesn't changed immediately. JBoss gets the new user setting only if I restart JBoss.
Is there a way to reset the credentials immediately?
Also, is there a way to invalidate sessions that was created using BASIC auth-method? I close, and open my browser to switch between user session now :(
Don't you just hate it when there is zilch repsonse to the question just a about a kazilion other people must have also have?
I'm thinking of writing some sort of LoginModule wrap it in an mbean or something...