2 Replies Latest reply on Nov 23, 2010 12:06 PM by mmoyses

    AS7:  Authentication Cache Design


      Marcus, let us keep this thread for discussing the Authentication Cache design changes.


      From what you said:

      The auth cache has to be:

      • configurable at the security domain level.
      • flushing configuration at the security domain level.
      • clustered.


      Anything else we want to discuss?

        • 1. Re: AS7:  Authentication Cache Design

          I have an additional requirement within JBoss Negotiation for the flushing of the cache to be based on a time held in the object held in the cache i.e. I have an expiration time on a ticket and want the cache to expire as or before the ticket expires.  But I don't believe this would be a fixed time for each request.

          • 2. Re: AS7:  Authentication Cache Design

            Configurations we need to think of for the new cache implementation:

            • enable/disable cache per security domain
            • cache size limit
            • expiration time

            We also need to make custom principals work when the cache is disabled. As it is today the information about the caller principal is only available when the cache is enabled. When we have a custom principal as the caller principal this all falls apart.