Hi, I'm having a problem with Acegi Plugin. The problem is that Acegi caches user info. If I update roles or password the change doesn't appear immediately. For a while I can even log out and log in with previous password. I found 2 solutions JIRA.
- Set cacheUsers = false in SecurityConfig.groovy
- Use special filter to update securityContext
Both solutions work. Unfortunately, both produce loads of database queries.
Users are updated only in UserService.update(..) and I can expect that they will be updated rarely. Is there any chance to immediately update securityContext. It's no problem for the current user. But can I do it even for another logged-in user?? e.g. if admin changes roles/password for some user