Please help me with this issue as I am completely puzzled...
I am using mysql, jboss 4 and the org.jboss.security.auth.spi.DatabaseServerLoginModule . Everything works fine until there is a new requirement in my program.
The status of the user must not be 'NEW' in order to pass the login, so I added "<module-option name="principalsQuery">SELECT u.PASSWORD FROM user u WHERE u.USERNAME=? and u.status <> 'NEW'</module-option>"
Which works ok for the first time, i.e. if I have just started the server and user status == 'NEW', it fails and works perfectly, but if the user successfully logged in the first time, then I changed the status of the user to 'NEW' and logoff the user and try to log in again, it login successfully??
It seems that JBoss is caching the login details?? Or am I setting things wrong??