Recently I posted a question here but I had misunderstood the problem. Now I'm clear with it. I have a complicated situation with users and roles.
I use custom login module extending UsernamePasswordLoginModule
The situation :
user - with name user1 logs in the system, he has role with name role1.
He logsout ( i've done this by calling session.invalidate() )
Then in the database his role is changed to role2
He again login but now his role is role2 not role1.
But the logic in LoginModule doesn't come to getRoles() method. The Server give him role1.
If I restart server after changing the role in database everything is OK.
So I think that I'm not loggingout the user.
Can you help me with this problem.
How to log him out not just from the web but and from the ejb container.
have you tried flushing the authentication cache after the role change (from jmx-console) ?