5

I have a WAR project with a JAX-RS interface deployed on WildFly, and there is a security-domain configured which loads user password and role from the DB. The security-domain uses cache-type=default. Updates of authenticated users are not recognized by the security-domain, because the old data are cached. I verified this with jboss-cli.sh. So how can I remove a specific user from the cache? I want to do this within the deployed application and not via jboss-cli.sh.

3 Answers

6

Your issue may be related to a bug in WildFly: https://issues.jboss.org/browse/WFLY-3221.

There is a workaround to explicitly flush the authentication cache:

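import java.security.Principal;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.jboss.security.CacheableManager;

@WebListener
public class SessionInvalidationListener implements HttpSessionListener {

    // Principal of the current caller
    @Inject
    private Principal principal;

    // Authentication manager of the security domain "mydomain"
    @Resource(name = "java:jboss/jaas/mydomain/authenticationMgr")
    private CacheableManager<?, Principal> authenticationManager;

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        // not used
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        // Evict this principal's cached authentication entry
        authenticationManager.flushCache(principal);
    }
}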

I've tested this approach in a slightly different use case. The interesting bit is accessing the authenticationManager - it should be easy to adapt that to your situation.

The bug should be fixed in WildFly 9.x (I didn't check).

Harald Wellmann
  • I don't use sessions, so this bug does not affect my problem. I just want to flush the cache of my security-domain and that's totally what your solution does :) Thanks! I got a new issue and opened a new thread for it. –  Sep 05 '15 at 21:09
  • Any idea on how to flush the cache across multiple instances of Wildfly? Either running in standalone or domain mode? – SamF Jun 21 '16 at 13:53
  • This is the most accurate answer for the caching problem I was facing even on Wildfly11 – Amr Eladawy Mar 11 '18 at 10:05
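Added example, not part of the answer above and not WildFly's own code: a bean the application can call right after it changes a user's password or roles in the database, so the stale cached entry is evicted for that one user. The class name `UserSecurityCache` and its methods are hypothetical; it assumes the security domain is named `mydomain` as in the answer's JNDI name and that cache entries are keyed by a principal that compares equal by login name (`SimplePrincipal` from PicketBox).

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.ejb.Stateless;
import org.jboss.security.CacheableManager;
import org.jboss.security.SimplePrincipal;

/** Hypothetical helper: evicts cached credentials and roles of a security domain. */
@Stateless
public class UserSecurityCache {

    // JNDI name as used in the answer above; "mydomain" is the security-domain name.
    @Resource(name = "java:jboss/jaas/mydomain/authenticationMgr")
    private CacheableManager<?, Principal> authenticationManager;

    /**
     * Evicts a single user so the next request is authenticated against the
     * database again. Call this after the password or role change is committed;
     * otherwise a concurrent login could re-cache the old data.
     *
     * @return true if an entry for the user was cached before the eviction
     */
    public boolean evict(String username) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be empty");
        }
        // Assumption: the cache key equals a SimplePrincipal with the login name.
        Principal key = new SimplePrincipal(username);
        boolean wasCached = authenticationManager.containsKey(key);
        authenticationManager.flushCache(key);
        return wasCached;
    }

    /** Evicts every cached entry of the domain, e.g. after a bulk role change. */
    public void evictAll() {
        authenticationManager.flushCache();
    }
}
```

The call acts on the authentication manager of the server instance that executes it, so each instance holding its own cache has to run the eviction itself.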
1

In WildFly 10 using Domain Mode you can clear the cache for security domains very easily by using jboss-cli in the following way:

First connect to Domain Controller by using

./jboss-cli.sh --connect controller={domainhost}:9990 --user={username} --password={password}

Then execute command

/host={hostname}/server={instancename}/subsystem=security/security-domain={securityname}:flush-cache

If security domain is defined like this:

<security-domain name="ldap-test" cache-type="default">

command will look like this:

/host=wf-server-1/server=instance-1/subsystem=security/security-domain=ldap-test:flush-cache

A similar solution should work for Standalone Mode.

  • In standalone the command looks like this `jboss-cli.sh -c --controller=127.0.0.1:9990 --user={username} --password={password} --command="/subsystem=security/security-domain=ldap-test:flush-cache"` – zperee Mar 20 '18 at 13:03
1

If you remove the attribute 'cache-type=default' from the security-domain, no cache will be used. See also here: https://docs.jboss.org/author/display/WFLY8/Security+subsystem+configuration

Ralph