2 Replies Latest reply on Nov 1, 2004 6:06 AM by ytzel

how to implement a change of user password?

ereze Oct 27, 2004 11:23 PM

Hi,

(I am running with JBoss 3.2.5.)

In my application the user can change his password. The change should
take effect immediately. But unfortunately the JBoss keep the user older credentials in the cache for the amount of time specified where the default is 1800 seconds (30 min.).

First I suppose I am not the first to come across such a requirement. So I am pretty sure (I hope) someone has a solution. The JBoss security credentials cache is a great feature and I would like to continue using it, so a solution of setting the entry time-to-leave to 0 is not a good solution for me. I read about the flush option that clears the cache - this is also not very good for me - why loose all the cache because of just one user.

I would appreciate any help

Erez

1. Re: how to implement a change of user password?

starksm64 Oct 28, 2004 2:41 PM (in response to ereze)

Re-read the wiki page on this as it shows how to flush a single user from the cache:

http://www.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials
Actions
2. Re: how to implement a change of user password?

ytzel Nov 1, 2004 6:06 AM (in response to ereze)

good solution, but only for jboss. if i want to keep my code j2ee-plattform independent (k, i know jboss is the only one) what should i do ?!?

there is also another functional requirement. what happens if change my password and afterwards i want to click through my web-app. after a cache-miss (auth-cache timeout or full) the web-container raises the login-page and i have to login myself again but with the new credentials. I WILL NOT LOGIN during my allready authenticated web-session!!!
Actions

Go to original post