Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Use the JAAS programming model for web authentication > Develop custom login modules for a system login configuration for JAAS > Customize application login with JAAS > 4. Configure a server-side JAAS authentication and login configuration. > Customize a server-side JAAS authentication and login configuration
Revoking users from a cache for JAAS
In WAS, v5.0.2 and later, revocation of a user from the security cache using an MBean interface is supported.
When a user is removed from authentication cache, the user can still login to WAS at any time. Removing the cache only removes the user from the runtime cache. It does not remove the user from the registry, nor does it lock out the user.
Procedure
Use the following procedure in a JACL script.
The following Java Command Language (JACL) revokes a user when given the realm and the user ID, and cycles through all the security administration MBean instances that are returned for the entire cell when run from the dmgr wsadmin command. The command also purges the user from the cache during each process.
In some of the following lines of code, the lines are split into two or more lines for illustrative purposes only.
proc clearAuthCache {realm userid} { global AdminControl AdminConfig if {[catch {$AdminControl queryNames WebSphere:type=SecurityAdmin,*} result]} { puts stdout "\$AdminControl queryNames WebSphere:type=SecurityAdmin,* caught an exception $result\n" return } else { if {$result != {}} { foreach secBean $result { if {$secBean != {} || $secBean != "null"} { if {[catch {$AdminControl invoke $secBean clearAuthCache} result]} { puts stdout "\$AdminControl invoke $secBean clearAuthCache caught an exception $result\n" return } else { puts stdout "\ncache cleared for process $secBean\n" } } else { puts stdout "unable to get securityAdmin Mbean, user $userid not revoked" }}} else { puts stdout "Security Mbean was not found\n" return } }
Customize a server-side JAAS authentication and login configuration
Customize application login with JAAS