sessionFactory only called once in applicationContext-security.xml?

[Spacekangaroo]

Hallo agains,

An issue I'm unsure of atm, I have hibernate handling my logins through a user table. If this table is manipulated whilst the app is running, no change takes place on the login side of things (however they do on tables, I'm using ZK for that and can see the changes correctly).
So if I log in with:
admin password

Then change the password to newpassword

I have to clean & build the app, then run it before the change takes place for the login.
So in other words I think it only checks the user table data once, keeps it somewhere?

Anyway code I think might help:

snippet of applicationContext-security.xml

Code:

    <beans:bean id="sesFactory"
      class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
        <beans:property name="configLocation">
            <beans:value>classpath:\hibernate.cfg.xml</beans:value>
        </beans:property>
    </beans:bean>
    
	<beans:bean id="userDAO" class="login.UserLoginDAOImpl">
                <beans:property name="sessionFactory" ref="sesFactory"></beans:property>
	</beans:bean>

	<beans:bean id="userService" class="login.UserLoginService">
		<beans:property name="userDAO" ref="userDAO"></beans:property>
    </beans:bean> 
    
    <authentication-manager>
         <authentication-provider user-service-ref="userService">
         	<!--<password-encoder hash="sha" />-->
         </authentication-provider>    	 
    </authentication-manager>

hibernation.cfg.xml:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-configuration PUBLIC
  "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
  "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
 
<hibernate-configuration>
    <session-factory>
        <!-- Database connection settings -->
        <property name="connection.driver_class">com.mysql.jdbc.Driver</property>
        <property name="connection.url">jdbc:mysql://localhost:3306/test</property>
        <property name="hibernate.connection.username">root</property>
        <property name="hibernate.connection.password">admin</property>
 
        <!-- JDBC connection pool (use the built-in) -->
        <property name="connection.pool_size">1</property>
 
 
         <!-- Enable Hibernate's automatic session context management -->
        <property name="current_session_context_class">thread</property>
 
        <!-- Disable the second-level cache -->
        <property name="cache.provider_class">org.hibernate.cache.NoCacheProvider</property>
        
        <!-- SQL dialect -->
        <property name="dialect">org.hibernate.dialect.MySQLDialect</property>
        
 
        <!-- Echo all executed SQL to stdout -->
        <property name="show_sql">true</property>
 

  
        <mapping class="contacts.Contacts" />
        <mapping class="login.Users" />
    </session-factory>
</hibernate-configuration>

[Rob Winch]

Once the user is logged in, the value is cached in the HttpSession for performance reasons. Please see http://blog.springsource.org/2009/01...-in-real-time/ for an example. Alternatively, you can provide your own SecurityContextRepository implementation that does not use the cached value in session (you will want to ensure this performs though).