Posted to user@struts.apache.org by Grassi Fabio <Fa...@ggsinformatica.it> on 2003/11/17 12:43:17 UTC

Realm authentication & password change

I'm using Tomcat User Database Realm authentication with a Struts
application. It all works fine *but* I would like to give my users the
ability to change their password. The problem is that once the password
is changed in my RDBMS, Tomcat keeps the old password in memory until
restarted. So the unlucky user who has changed the password gets
prevented from logging in again.
 
Does anybody have a similar problem? Am I doing something wrong? Any
hint would be greatly appreciated.
 
Thanks in advance, Fabio.

Re: Realm authentication & password change

Posted by Adam Hardy <ah...@cyberspaceroad.com>.
On 11/17/2003 12:43 PM Grassi Fabio wrote:
> I'm using Tomcat User Database Realm authentication with a Struts
> application. It all works fine *but* I would like to give my users the
> ability to change their password. The problem is that once the password
> is changed in my RDBMS, Tomcat keeps the old password in memory until
> restarted. So the unlucky user who has changed the password gets
> prevented from logging in again.

Hi Fabio,
I don't think that is quite correct. As far as the docs go, the info is 
kept for the duration of the session. So you have to invalidate the 
user's session and force them to log in again.

Adam

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
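
The step suggested in the reply above, invalidating the session once the password has been updated so the user must log in again, sketched as a Struts 1.x action. This is an added example, not code from the thread; the `UserStore` interface, the `userStore` context attribute, the request parameter names and the `login`/`failure` forward names are all assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

public class ChangePasswordAction extends Action {

    /** Hypothetical abstraction over the user table that the realm reads. */
    public interface UserStore {
        boolean verify(String user, String password) throws Exception;
        void updatePassword(String user, String newPassword) throws Exception;
    }

    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // Name of the user the container authenticated for this request.
        String user = request.getRemoteUser();
        if (user == null) {
            return mapping.findForward("login");
        }
        String current = request.getParameter("currentPassword");
        String replacement = request.getParameter("newPassword");
        if (current == null || replacement == null || replacement.length() == 0) {
            return mapping.findForward("failure");
        }
        // Assumption: a UserStore was placed in the servlet context at startup.
        UserStore store = (UserStore) getServlet().getServletContext()
                .getAttribute("userStore");
        // Re-check the current password so an unattended session cannot change it.
        if (!store.verify(user, current)) {
            return mapping.findForward("failure");
        }
        store.updatePassword(user, replacement);

        // Drop the session that was authenticated with the old password.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // Assumption: "login" is declared with redirect="true" in struts-config.xml,
        // so the next request starts a fresh session and goes through the realm again.
        return mapping.findForward("login");
    }
}
```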

