0 Replies Latest reply on Dec 24, 2012 9:16 AM by Dmitry Chuiko

    Strange behaviour of default security domain caching strategy

    Dmitry Chuiko Newbie

      Hello everyone!

       

      Some time ago we encountered with unexpected user logouts on production running JBoss 7.1.2. Our security-domain is using cache-type="default". After some examination of jboss's sources we found that

      {code}org.jboss.as.security.plugins.DefaultAuthenticationCacheFactory{code}

      executes logout during cache eviction. Why it is nessesary to logout if in case of cache miss request would be handled by authentificator?

       

      To fix this we started to use infinispan strategy with sufficient capacity (more then 1000 entries).