Overview

The intent of this document is to have a caching mechanism in order to improve overall performance during the authentication and authorization of identities.

Elytron relies on Security Realms which provide the necessary integration with a specific identity store, where identities and related data are stored. Examples of security realms and their corresponding identity stores are:

• RDBM
• LDAP
• Filesystem
• Custom

Elytron supports the most common identity stores such as RDBM and LDAP, but it also allows developers to provide custom security realms accordingly with their needs and where their identity data is located.

Caching will enable Elytron to avoid unnecessary hits to an underlying identity store when a security realm supports caching its identity representations.

Design

This issue is a result of https://issues.jboss.org/browse/ELY-592, which provides support for enabling caching to security realms.

The objective is allow caching configuration via subsystem as follows:

<caching-realm name="CacheableApplicationRealm" realm="ApplicationRealm" maximum-entries="48"/>

Where <caching-realm/> is a new type of realm that can be defined within Elytron's subsystem. This realm requires a reference to an existing realm definition, which is going to be decorated in order to enable caching capabilities for identities obtained from it. The cache is based on a LRU (Least Recently Used) strategy where least accessed entries are removed when maximum-entries is reached. The cache also supports a maximum-age configuration option that allows to specify the time in milliseconds that an item can stay in the cache.