Regarding : invalidate elytron caching realm once user click logout #Elytron #CachableRealm

47 views
Skip to first unread message

Akash gupta

unread,
Jan 7, 2022, 12:27:39 AMJan 7
to WildFly
Hi,

hope u are doing good.

currently we have a configured a custom realm backed by a cachabale realm as shown below.

<custom-realm name="PKI-REALM" module="com.ab.common" class-name="com.ab.ABSecurityRealm"></custom-realm>
<caching-realm name="PKI-REALM-Caching" realm="PKI-REALM"/>

once the user click logout in application.

as part of logout. we invalidate session and logout
request.getSession().invalidate();
request.logout();

but i do see cache didn't get invalidated.

when i checked cachable realm. doc.

it says it support a clear cache policy. 

how we can possible invalidate cachable realm configuration programatcally when user logout

Thanks and Regards,
Akash Gupta.

Akash gupta

unread,
Jan 7, 2022, 12:35:47 AMJan 7
to WildFly
hi,

we have do configure flush user credential as part of jboss-web.xml.

security-domain flushOnSessionInvalidation="true"


Thanks for anticipation,
Akash Gupta.

Darran Lofthouse

unread,
Jan 7, 2022, 6:40:24 AMJan 7
to WildFly
Are you using FORM authentication or a different mechanism?  Once authentication has occurred the SecurityIdentity should be associated with the HTTP Session.
Reply all
Reply to author
Forward
0 new messages