| 摘要 |
A method for selectively refreshing group membership for an identifier associated with an authenticated user. The identifier represents an application server security context, and it is generated to enable a user credential associated with the authenticated user to be persisted. Following such authentication, the client is provided with a time-bounded, renewable security token. The method begins by configuring an option whether group membership information is refreshed during renewal of an expired security token. During renewal of an expired security token, the method determines whether the option is set. If so, an attempt is made to refresh information. This attempt performs a set of checks to verify certain conditions. If these checks are valid, the identifier is refreshed and the security token renewed with updated group membership information. If any check is not valid, the identifier is refreshed and the security token renewed with existing information. |
