Red Hat Bugzilla – Bug 1028843
Documentation bug: the solution of security issue JBPAPP-3079 is wrong
Last modified: 2014-03-12 21:13:24 EDT
Section Number and Name:
7. Issues fixed in this release
Describe the issue:
Doc says The Solution of flushing JBoss Authentication Cache is to uncomment the filter in Tomcat's web.xml, but filter must be added.
The following KCS is right.
Why does flushOnSessionInvalidation not flush the JAAS cache when sessions timeout on JBoss?
Suggestions for improvement:
You must uncolmment this filter in Tomcat's web.xml to use this feature.
You must uncolmment add the filter in server/$PROFILE/deployers/jbossweb.deployer/web.xml to use this feature.