5 Replies Latest reply on Jul 26, 2013 2:52 AM by adhir.aima

    Updating user credentials

    tremalnaik

      Hello, I have an application running on JBoss 4.0.2.
      The users authenticate using a custom login module which reads user credentials stored in a database.

      I added functionality which lets users change their password. They can go on working after changing it.

      After 30 mins the cache expires and the user is (transparently) logged out, while the login module tries to re-login immediately using, I presume, the user credentials stored in the user request. These are the credentials stored before he changed his password, so re-login fails.

      I fixed the problem by setting a looooong time for the DefaultCacheTimeout attribute but I'm looking for a smart way to solve this.

      1) Is my presumption correct?
      2) Is there a way to update user credentials in the browser cache (setting somehow the response)?
      3) Do you have any alternative hints to fix this problem?

      thanks

        • 1. Re: Updating user credentials
          neelixx

          Hmmmm.....

          I don't think it's the browser cache, as that would mean you are using cookies? If you are storing their logon in their session, how about this:

          1). Store the page they are currently at in a variable
          2). Store the username and password from the updatePassword form.
          3). Upon successful completion of changing their password send them to a servlet (say updateLogonServlet).
          4). updateLogonServlet should logoff their session, and then logon using their new password
          5). redirect them back to the page they were at.

          Haven't tried this myself, but it sounds like it would work.

          • 2. Re: Updating user credentials
            neelixx

            tremalnaik,

            While doing some research on a project I'm working on, I ran across this on the Wiki. Haven't used it, but sounds like it may help:

            http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials

            HTH.

            Good Luck!

            --Aaron

            • 3. Re: Updating user credentials
              niwhsa

              Some thoughts:

              Seems like the earlier impl of relogin the user (behind the scenes) is a better idea as the other option involves using mbean code. Kinda ties you up a lot to JBoss.
              In J2EE use as few native features as possible. In case you can't help using it, provide enough delegation/abstraction to make sure that the change (in case you need to change) in future is limited to one or two Java files irrespective of project size.

              • 4. Re: Updating user credentials
                tremalnaik

                 

                I don't think it's the browser cache, as that would mean you are using cookies? If you are storing their logon in their session, how about this:


                Yes, you're right, it's Tomcat which stores the user principal in the session. I solved it with a valve which performs the following:

                1. flush user cache (see http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials)

                2. reauthenticate user:

                Realm realm = this.getContainer().getRealm();
                Principal principal = realm.authenticate(username, password);


                3. update session:
                session.setPrincipal(principal);


                All this happens transparently to the user.

                Thanks everybody,

                • 5. Re: Updating user credentials
                  adhir.aima

                  Where do you call this.getContainer()? I cannot find a supporting API.
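
The three steps from reply 4 put together as one valve, as an added example (not tremalnaik's code) that assumes the Tomcat 5.5 valve API bundled with JBoss 4.0.x; `getContainer()` and `getNext()` are inherited from `org.apache.catalina.valves.ValveBase`. The class name, the `example.newPassword` request attribute (set by the password-change servlet on success) and the `example-domain` security domain are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.servlet.ServletException;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.security.SimplePrincipal;

public class ReauthAfterPasswordChangeValve extends ValveBase {
    // Assumed names: adjust to the application and its security domain.
    static final String NEW_PASSWORD_ATTR = "example.newPassword";
    private String securityDomain = "example-domain";

    public void setSecurityDomain(String domain) { this.securityDomain = domain; }

    public void invoke(Request request, Response response) throws IOException, ServletException {
        getNext().invoke(request, response);            // let the application handle the request first
        Object newPassword = request.getAttribute(NEW_PASSWORD_ATTR);
        if (!(newPassword instanceof String)) return;   // no password change happened in this request
        request.removeAttribute(NEW_PASSWORD_ATTR);     // never keep the password around, never put it in the session

        Session session = request.getSessionInternal(false);
        Principal current = request.getUserPrincipal();
        if (session == null || current == null) return;
        try {
            // 1. Flush the cached entry so the old password is no longer accepted from cache.
            flushCachedCredentials(current.getName());
            // 2. Re-authenticate against the realm with the new password.
            Principal fresh = getContainer().getRealm().authenticate(current.getName(), (String) newPassword);
            if (fresh == null) { session.expire(); return; }   // fail closed: force a normal login
            // 3. Replace the principal stored in the session.
            session.setPrincipal(fresh);
        } catch (Exception e) {
            session.expire();                            // fail closed on any JMX or realm error
        }
    }

    private void flushCachedCredentials(String username) throws Exception {
        MBeanServer server = MBeanServerLocator.locateJBoss();
        ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
        server.invoke(jaasMgr, "flushAuthenticationCache",
                new Object[] { securityDomain, new SimplePrincipal(username) },
                new String[] { String.class.getName(), Principal.class.getName() });
    }
}
```

Flushing on every password change also closes the window in which a long DefaultCacheTimeout would keep the old password valid from the cache.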