how to clear user cache after user changes password

[lixin_chu]

Hi,
Would appreciate if anyone could provide HOW-To of clearing user cache,

the problem is that the user can still login after he changes password, even he log out, and session is invalidated.

I think this is because the user cache is not cleared when password is changed. So the result is that the user can login using the old and new password ! (of cause after using the new password, the old one is automatically invalidated).

thanks
lixin

[lixin_chu]

I am using:

<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.Eh CacheBasedUserCache">
<property name="cache">
<bean class="org.springframework.cache.ehcache.EhCacheFa ctoryBean">
<property name="cacheManager">
<bean class="org.springframework.cache.ehcache.EhCacheMa nagerFactoryBean"/>
</property>
<property name="cacheName"><value>userCache</value></property>
</bean>
</property>
</bean>

[RayKrueger]

One option would be to pass the userCache to your form controller that handles the pasword change and call the removeUserFromCache(username) method.

Another option would be to handle it with events. Have your controller fire some kind of PasswordChangedEvent or something that carries the username. Then create an ApplicationContextListener that has a setter for the userCache, and handle the event by calling userCache.removeUserFromCache(username).

Hope that helps.

[lixin_chu]

thanks !

I like the second idea, that's something new to me, have not done this before - actually i did not know i can do so in this way.

thanks for your help !

[RayKrueger]

Hope that helps, and it's ApplicationListener, not ApplicationContextListener, sorry.

[Ben Alex]

See also http://forum.springframework.org/showthread.php?t=14039