Hi I've raised a ticket (WFLY-3858) regarding the following, which appears to be some kind of race condition during the configuration of the infinispan cache when login modules are configured. The upshot is that it appears that the auth-cache only gets the configured settings applied during about 50% of startups. The rest of the time it ends up with the defaults (no expiry). This is problematic because after a successful login, our login module then never gets called again to check whether the account has been subsequently disabled for any reason.
Does anyone here have experience of something similar?
I have the following standalone configuration in Wildfly 8.1.0.Final:
| | <cache-container name="security" default-cache="auth-cache" start="EAGER"> |
| | <transport cluster="${cluster.name}_SEC" lock-timeout="60000"/> |
| | <replicated-cache name="auth-cache" batching="true" mode="ASYNC"> |
| | <eviction strategy="LRU" max-entries="10000"/> |
| | <expiration lifespan="60000"/> |
| | </replicated-cache> |
| | </cache-container> |
| <security-domain name="OAuth-Consumer" cache-type="infinispan"> |
| <authentication> |
| <login-module code="com.idbs.ewb.server.auth.module.OAuthConsumerLoginModule" flag="sufficient" |
| module="deployment.ewb-server-ear.ear"> |
| </login-module> |
| </authentication> |
| </security-domain> |
