-
1. Re: How to configure Infinispan for PicketLink?
andey Feb 21, 2017 4:39 AM (in response to simotuokko)
Hi,
By default, the cache-type of your security-domain is "default", which uses a ConcurrentHashMap implementation that never expires cached entries. However, when the HTTP session is invalidated, the cache entry is removed in EAP6 (not removed in EAP7).
Change the cache-type to "infinispan", which uses an Infinispan cache that has an expiration capability. Please change your security-domain to use Infinispan as follows:
~~~
<security-domain name="exampleSecurityDomain" cache-type="infinispan">
~~~
and add the following lines to the infinispan subsystem configuration.
~~~
<cache-container name="security" default-cache="exampleCache">
    <local-cache name="exampleSecurityDomain">
        <eviction strategy="LRU" max-entries="1000"/>
        <expiration lifespan="120000" max-idle="60000"/>
    </local-cache>
</cache-container>
~~~
The cache container name should be "security" with a default cache named "exampleCache" (the name is free to choose). The local-cache name should be the name of your security-domain "exampleSecurityDomain". In the above example, strategy="LRU" means that entries are selected for eviction using a least-recently-used pattern, up to 1000 accounts are cached, expiration lifespan is 120000 msec, and max idle time is 60000 msec.
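An added example (not part of the post above and not JBoss code): a small Python check that reads a server configuration and reports, for each security domain, whether the cache rules described in the post are met. The sample XML, the `urn:example:*` namespaces and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed server configuration with made-up namespaces.
SAMPLE = """<server>
  <subsystem xmlns="urn:example:security">
    <security-domain name="exampleSecurityDomain" cache-type="infinispan"/>
    <security-domain name="legacy" cache-type="default"/>
    <security-domain name="orphan" cache-type="infinispan"/>
    <security-domain name="noexpiry" cache-type="infinispan"/>
  </subsystem>
  <subsystem xmlns="urn:example:infinispan">
    <cache-container name="security" default-cache="exampleCache">
      <local-cache name="exampleSecurityDomain">
        <expiration lifespan="120000" max-idle="60000"/>
      </local-cache>
      <local-cache name="noexpiry"><eviction strategy="LRU" max-entries="1000"/></local-cache>
    </cache-container>
  </subsystem>
</server>"""

def local(tag):  # drop the "{namespace}" prefix so schema versions do not matter
    return tag.rsplit("}", 1)[-1]

def audit_auth_cache(xml_text):
    """Map each security-domain name to a finding about its authentication cache."""
    root = ET.fromstring(xml_text)
    caches = {}  # local-cache name -> (lifespan, max-idle), or None without <expiration>
    for cc in root.iter():
        if local(cc.tag) == "cache-container" and cc.get("name") == "security":
            for lc in (c for c in cc if local(c.tag) == "local-cache"):
                exp = next((e for e in lc if local(e.tag) == "expiration"), None)
                caches[lc.get("name")] = exp if exp is None else (exp.get("lifespan"), exp.get("max-idle"))
    findings = {}
    for sd in root.iter():
        name, ctype = sd.get("name"), sd.get("cache-type")
        if local(sd.tag) != "security-domain" or name is None:
            continue  # other elements, or security-domain references without a name
        if ctype == "default":
            findings[name] = "default cache: entries never expire"
        elif ctype != "infinispan":
            findings[name] = "cache-type %r is not covered by this check" % ctype
        elif name not in caches:
            findings[name] = "no local-cache named after the domain in container 'security'"
        elif caches[name] is None:
            findings[name] = "local-cache has no <expiration>"
        else:
            findings[name] = "ok: lifespan=%s ms, max-idle=%s ms" % caches[name]
    return findings
```

Calling `audit_auth_cache()` on the text of a real configuration file returns one finding per named security domain.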
-
2. Re: How to configure Infinispan for PicketLink?
simotuokko Feb 21, 2017 7:06 AM (in response to andey)
We tried to change the cache type to "infinispan" and made the following change to the infinispan subsystem (we also tried some other name for default-cache):
~~~
<cache-container name="security" default-cache="idp">
    <local-cache name="idp">
        <eviction strategy="LRU" max-entries="1000"/>
        <expiration lifespan="6000" max-idle="3000"/>
    </local-cache>
</cache-container>
~~~
At first login, MySecureLogin.login() is called. After logout, some waiting and relogin, no call to the MySecureLogin.login() method is made.
I am not sure if this is the correct way to check the infinispan cache, but with jconsole's MBean operation jboss.as->security->idp->Operations->listCachedPrincipals() we can see that one of the nodes has a principal stored in the cache. And it seems to stay there until jboss is restarted.