[jboss-user] [Security & JAAS/JBoss] - Custom Caches Per Security Domain
EvanSchnell
do-not-reply at jboss.com
Tue Apr 3 10:01:48 EDT 2007
I am looking for an example of how one might set different CachePolicies, or at least different timeouts, for different application-policies. I am unable to find anything other than a brief mention of AuthenticationCacheJndiName in the documentation.
My main application-policy governs web user access using a subclass of HttpServletRequestLoginModule. At the same time I have an application-policy using SecureIdentityLoginModule to allow encrypted passwords for each of my datasources. The user authentication policy needs to have a very short timeout so changes to user rights are reflected rather quickly. However, the database passwords won't change outside a server restart so theoretically I should never expire them.
Stress testing is showing problems with JaasSecurityManager.updateCache when the datasources are under load; even with the fix for http://jira.jboss.org/jira/browse/JBAS-3141 in place. Tuning the caching seems like a good option.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4034092#4034092
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4034092
More information about the jboss-user
mailing list