Wildfly flush cache of security-domain

Helmosch · Sep 3, 2015 · Viewed 7.3k times

I have a WAR project with a JAX-RS interface deployed on WildFly, and there is a security-domain configured which loads user password and role from the DB. The security-domain uses cache-type=default. Updates of authenticated users are not recognized by the security-domain, because the old data is cached. I verified this with jboss-cli.sh. So how can I remove a specific user from the cache? I want to do this within the deployed application and not via jboss-cli.sh.

Answer

Harald Wellmann · Sep 5, 2015

Your issue may be related to a bug in WildFly: https://issues.jboss.org/browse/WFLY-3221.

There is a workaround to explicitly flush the authentication cache:

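import java.security.Principal;

import javax.annotation.Resource;
import javax.inject.Inject;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

import org.jboss.security.CacheableManager;

@WebListener
public class SessionInvalidationListener implements HttpSessionListener {

    // Principal of the current caller
    @Inject
    private Principal principal;

    // Authentication manager of the security-domain "mydomain", which owns the cache
    @Resource(name = "java:jboss/jaas/mydomain/authenticationMgr")
    private CacheableManager<?, Principal> authenticationManager;

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        // not used
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        // Drop this user's cached authentication entry when the session ends
        authenticationManager.flushCache(principal);
    }
}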

I've tested this approach in a slightly different use case. The interesting bit is accessing the authenticationManager - it should be easy to adapt that to your situation.

The bug should be fixed in WildFly 9.x (I didn't check).
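The adaptation to the question's case (evicting one named user after their password or role changes in the DB) could look like the following. This is an added example, not part of the original answer: `AuthCacheEvictor` and the `CredentialsChanged` event are hypothetical names, and it assumes the deployment can see the PicketBox classes (`org.jboss.security`) and that the domain caches entries under a principal named after the login name.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;
import javax.enterprise.event.TransactionPhase;
import org.jboss.security.CacheableManager;
import org.jboss.security.SimplePrincipal;

/** Hypothetical helper: evicts a single user from the security-domain cache. */
@ApplicationScoped
public class AuthCacheEvictor {

    /** Hypothetical CDI event, fired by the code that updates a user in the DB. */
    public static class CredentialsChanged {
        private final String username;
        public CredentialsChanged(String username) { this.username = username; }
        public String getUsername() { return username; }
    }

    // Same JNDI name as in the answer; "mydomain" is the security-domain name.
    @Resource(name = "java:jboss/jaas/mydomain/authenticationMgr")
    private CacheableManager<?, Principal> authenticationManager;

    // AFTER_SUCCESS: evict only once the update has committed. Flushing earlier
    // lets a concurrent login re-cache the old password or roles from the DB.
    void onCredentialsChanged(
            @Observes(during = TransactionPhase.AFTER_SUCCESS) CredentialsChanged event) {
        evict(event.getUsername());
    }

    /** Flushes one user's entry; returns true if the user was cached. */
    public boolean evict(String username) {
        if (username == null || username.isEmpty()) {
            // Refuse empty names rather than silently flushing nothing.
            throw new IllegalArgumentException("username must not be empty");
        }
        // Assumption: the cache key is a principal whose name is the login name.
        Principal key = new SimplePrincipal(username);
        boolean wasCached = authenticationManager.containsKey(key);
        authenticationManager.flushCache(key);
        return wasCached;
    }
}
```

The code that changes a password or revokes a role would fire `CredentialsChanged` through an injected `Event<AuthCacheEvictor.CredentialsChanged>` inside the same transaction as the DB update.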