3 Replies Latest reply on Aug 10, 2006 1:45 AM by jaikiran

why it is possible to login with old password in JAAS(Databa

gssbhaskar Aug 3, 2006 7:03 AM

Hi all

I am using DatabaseServerLoginModule(JAAS)&MySQL DB for my authentication. my application has a change password funcationality. using which the users are allowed to change the password.

But the problem is after changing the password,i am able to successfuly login with old password.i checked the database, where the password has updated to new one.

is this prblem with jboss cache?if it is,how can i rectify it?

Thanks
Baskar G

1. Re: why it is possible to login with old password in JAAS(Da

j2ee_junkie Aug 3, 2006 8:14 AM (in response to gssbhaskar)

Baskar,

After a password is changed, the user must be logged out of application (i.e. JBossSX cache flush). If your UI is web-based, this usually can occure by invalidating the web session. Is this step happening? You can verify what principals are in the cache via the jmx-console (mbean: jboss.security:service=JaasSecurityManager).

cgriffith
Actions
2. Re: why it is possible to login with old password in JAAS(Da

gssbhaskar Aug 10, 2006 1:14 AM (in response to gssbhaskar)

Hi

After changing the password user is not logged out( i am not invalidating the session).

But i manually logged out, and i can login with old password.

is any configeration to jboss, so that it always picks the password from database? not from cache?
Actions
3. Re: why it is possible to login with old password in JAAS(Da

jaikiran Aug 10, 2006 1:45 AM (in response to gssbhaskar)

Have a look at:

http://www.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials
Actions

Go to original post