Announcement Announcement Module
Collapse
No announcement yet.
how to clear user cache after user changes password Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to clear user cache after user changes password

    Hi,
    Would appreciate if anyone could provide HOW-To of clearing user cache,

    the problem is that the user can still login after he changes password, even he log out, and session is invalidated.

    I think this is because the user cache is not cleared when password is changed. So the result is that the user can login using the old and new password ! (of cause after using the new password, the old one is automatically invalidated).

    thanks
    lixin

  • #2
    I am using:

    <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.Eh CacheBasedUserCache">
    <property name="cache">
    <bean class="org.springframework.cache.ehcache.EhCacheFa ctoryBean">
    <property name="cacheManager">
    <bean class="org.springframework.cache.ehcache.EhCacheMa nagerFactoryBean"/>
    </property>
    <property name="cacheName"><value>userCache</value></property>
    </bean>
    </property>
    </bean>

    Comment


    • #3
      One option would be to pass the userCache to your form controller that handles the pasword change and call the removeUserFromCache(username) method.

      Another option would be to handle it with events. Have your controller fire some kind of PasswordChangedEvent or something that carries the username. Then create an ApplicationContextListener that has a setter for the userCache, and handle the event by calling userCache.removeUserFromCache(username).

      Hope that helps.

      Comment


      • #4
        thanks !

        I like the second idea, that's something new to me, have not done this before - actually i did not know i can do so in this way.

        thanks for your help !

        Comment


        • #5
          Hope that helps, and it's ApplicationListener, not ApplicationContextListener, sorry.

          Comment


          • #6
            See also http://forum.springframework.org/showthread.php?t=14039
            Last edited by robyn; May 16th, 2006, 03:44 AM.

            Comment

            Working...
            X