Regarding : invalidate elytron caching realm once user click logout #Elytron #CachableRealm

Akash gupta

unread,

Jan 7, 2022, 12:27:39 AM1/7/22

to WildFly

Hi,

hope u are doing good.

currently we have a configured a custom realm backed by a cachabale realm as shown below.

<custom-realm name="PKI-REALM" module="com.ab.common" class-name="com.ab.ABSecurityRealm"></custom-realm>
<caching-realm name="PKI-REALM-Caching" realm="PKI-REALM"/>

once the user click logout in application.

as part of logout. we invalidate session and logout

request.getSession().invalidate();

request.logout();

but i do see cache didn't get invalidated.

when i checked cachable realm. doc.

https://docs.wildfly.org/19.1/wildscribe/subsystem/elytron/caching-realm/index.html

it says it support a clear cache policy.

how we can possible invalidate cachable realm configuration programatcally when user logout

Thanks and Regards,

Akash Gupta.

Akash gupta

unread,

Jan 7, 2022, 12:35:47 AM1/7/22

to WildFly

hi,

we have do configure flush user credential as part of jboss-web.xml.

security-domain flushOnSessionInvalidation="true"

Thanks for anticipation,

Akash Gupta.

Darran Lofthouse

unread,

Jan 7, 2022, 6:40:24 AM1/7/22

to WildFly

Are you using FORM authentication or a different mechanism? Once authentication has occurred the SecurityIdentity should be associated with the HTTP Session.

Reply all

Reply to author

Forward