5 Replies Latest reply on Jun 22, 2006 11:46 AM by chris griffith

    Roles issue

    Tomasz Zab?ocki Newbie

      Here is a brief description of my problem.

      I'm using JBossSX DatabaseLoginModule in my web application. In the application, there's an opportunity to change user roles by selecting particular user and assigning him the desired roles. The problem is that whenever I change the roles, and I'm logging in with the user that had his roles changed, the changes seem not to be applied. The user still has the roles that he had before changes. The changes are applied after the JBoss server is restarted.

      Any ideas on how to refresh user roles? Maybe they are cached in some way and I can switch the caching off.

        • 2. Re: Roles issue
          Tomasz Zab?ocki Newbie

          Well that's not the exact point - I don't have to check the user roles at runtime or dynamically. The only thing is that (that's how I suppose it does work) the DatabaseLoginModule assigns the roles at the point when the application is started or at the first login not each time the login is performed...or maybe this is rather a tomcat issue that it caches the roles at the beginning not each time the user logs in. The point is that I would like to customize the LoginModule or tomcat security somehow not to cache the roles. I don't want to reimplement Group class.

          • 3. Re: Roles issue
            chris griffith Expert

            There are two points where roles may be cached...

            Tomcat caches the Principal and Roles of a user in the session. Thus, inactivating a session removes that cache.

            JBossSX has an authentication cache that exists for the length of time specified by timeout option.

            If your web security-domain is configured for the same domain as an ejb component, then invalidating the web session will also flush the authentication cache.

            Thus if user has properly been logged out of system, then there should be no reason why an update to the database would not be seen imediately.

            If this is not happening please let us know, cgriffith

            • 4. Re: Roles issue
              Tomasz Zab?ocki Newbie

              In fact the session is being invalidated and the problem still persists. Considering things you've said I think this is a JBossSX issue. Any ideas on how to flush the databaseloginmodule data?

              • 5. Re: Roles issue
                chris griffith Expert

                I already explained where authentication data cache exists in JBoss/embeded Tomcat and how it gets flushed. If you are seeing differenct results then a)use jmx-console to view/manipulate the authentication cache to see what is going on. b) check/post your security configurations to see that what you have configured matches the behavior.

                cgriffith