tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "mech" <>
Subject Tomcat 4.1.18 container-specific security mechanism+JDBCRealm+How to update user roles without logoff/relogin when DB updated
Date Tue, 18 Feb 2003 13:24:53 GMT

I'm using Tomcats build in form-based auth mechanism and a JDBCRealm
with usernames and roles from my DB.

It can happen that a user does a login and later due to some workflow he
either obtains or looses a role.
I can do the insert/delete of those roles without a problem in my DB.
Unfortunately as long as the user stays logged on the webapp Tomcat
seems to cache the role information as it was when the user previously
performed his login.

Means in detail that my DB is up-to-date but every
request.isUserInRole() is not and gives me either true, although the
role is already deleted or false, although I provided that role already.

Is there any better way to update Tomcats security system to use the
current roles and not to force a logoff and relogin?
I have no idea at the moment where Tomcat stores the role info after
login so that I could somehow update this info at the same time I update
my DB.

I hope someone can provide my a hint if and how this can be done. I
hoped there would be some opposite feature of request.isUserInRole()
like response.setUserRole() or something...


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message