views:

25

answers:

1

In jboss-web.deployer/conf/web.xml there is a listener defined called SecurityFlustSessionListener.

This listener searches for the component java:comp/env/security/securityMgr and if not found prints that info in the debug log. It is understood that if this security feature is not needed then, one can simply remove this listener.

How have you used this listener for configuring security at the time of session destroying? As in, can you highlight the use cases of this listener and the scenarios where it was found useful?

A: 

This listener is used to flush the security domain cache when the session expires instead of waiting for the expiry time of the security domain cache. If no security domain specific info is being used - then this can be removed - or one change configure the expiry policy of the cache instead.

techzen