2 Replies Latest reply on Mar 22, 2004 5:52 AM by dev2gosoft

    problem due to caching of roles  in JaasSecurityManager, Dat

    dev2gosoft Newbie



      Hi,

      We have an application that allows users to register account with an associated service plan (which maps to a specific role). The app uses a Form based authentication.
      The user is logged and authenticated/authorized against the infomration stored in tables which are populated from the account registration process.

      Jaas / DatabaseServerLoginModule is configured / set to make this work.

      Everything works perfect.

      However once the user is logged in, he can edit his account and upgrade
      his service plan and hence changes his role.

      We recommend the user to logout and relogin so that he can be authorized against his new role.

      The logoutAction is very simple.
      Just invalidate session...
      HttpSession ses = request.getSession(false);
      ses.invalidate();

      .When the user tries to login , every thing appears to be correct. except that he still inherits the old role (the role that existed when the server was started).

      This problem has an unacceptable workaround. Restart Jboss server. and the JaasSecurityManager cache is refreshed and everything works ok.


      IS there anyway that we can refresh the cache in JaasSecurityManager or invoke loginModule.logout() without restarting the server....

      I don't think that writing a custom Login Module helps. The cache seems to be deep in the container/server in JaasSecurityManager.

      Scott???
      Anyhelp will be deeply appreciated.

      Thanks in advance.