You could also reset the authentication object:
    // reset the authentication object if current user
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth != null && auth.getPrincipal() instanceof UserDetails) {
        User currentUser = (User) auth.getPrincipal();
        if (currentUser.getId().equals(user.getId())) {
            auth = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
            SecurityContextHolder.getContext().setAuthentication(auth);
        }
    }
From
http://static.appfuse.org/appfuse-service/xref/org/appfuse/service/UserSecurityAdvice.html.
Matt
On 7/26/07, Allen Gilliland <[EMAIL PROTECTED]> wrote:
Dave wrote:
> On 7/26/07, Allen Gilliland <[EMAIL PROTECTED]> wrote:
>> Hmmm, I don't know that there is no need for that cache. That cache is
>> used to prevent us from having to hit the db constantly when checking
>> authentication/authorization. Without it, every single request from
>> users that are logged in requires extra queries against the db.
>
> Good point. I'll figure out how to flush that cache.
I took a quick look at it and I think you should be able to look up the
"userCache" bean from spring and then call
userCache.removeUserFromCache(username). The class used for caching is
this one ...
http://www.acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/providers/dao/cache/EhCacheBasedUserCache.html
Generally speaking I don't like the idea of putting in more code that
directly tries to access spring beans, but I'm not sure there is any
other option here.
-- Allen
>
> - Dave
--
http://raibledesigns.com
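
The cache behaviour discussed in this thread, as an added example that is not code from the thread or from the projects it links to: a stand-alone Java model showing that a cached user entry keeps serving old authorities after the stored record changes, until it is evicted. Every class, field and method here is hypothetical except the name removeUserFromCache, which mirrors the call named above; the user "dave" and the role names are constructed sample data.

```java
import java.util.*;

// Stand-alone model (hypothetical classes, not Acegi's): a user store, a
// cache in front of it, and the eviction step suggested in the thread.
public class StaleUserCacheDemo {
    // Constructed sample data: username -> granted roles in the "database".
    static final Map<String, Set<String>> db = new HashMap<>();
    // Cached copies of loaded users, keyed by username.
    static final Map<String, Set<String>> userCache = new HashMap<>();
    static int dbQueries = 0;

    // Load a user's roles, querying the database only on a cache miss.
    static Set<String> loadUser(String username) {
        Set<String> cached = userCache.get(username);
        if (cached != null) return cached;
        dbQueries++;
        Set<String> roles = Collections.unmodifiableSet(new HashSet<>(db.get(username)));
        userCache.put(username, roles);
        return roles;
    }

    // Same shape as the removeUserFromCache(username) call named in the thread.
    static void removeUserFromCache(String username) {
        userCache.remove(username);
    }

    // Persist new roles; optionally evict the cached copy in the same step.
    static void saveRoles(String username, Set<String> roles, boolean evict) {
        db.put(username, new HashSet<>(roles));
        if (evict) removeUserFromCache(username);
    }

    public static void main(String[] args) {
        db.put("dave", new HashSet<>(Arrays.asList("editor", "admin")));
        System.out.println("initial:        " + loadUser("dave"));

        // Revoke admin without eviction: the cached entry still grants it.
        saveRoles("dave", Collections.singleton("editor"), false);
        System.out.println("no eviction:    " + loadUser("dave"));

        // Same revocation with eviction: the next check reloads from the db.
        saveRoles("dave", Collections.singleton("editor"), true);
        System.out.println("after eviction: " + loadUser("dave"));
        System.out.println("db queries:     " + dbQueries);
    }
}
```

The eviction costs one extra database query per changed user, while unchanged users keep being served from the cache.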