[security-dev] any way to store global information?
Anil.Saldhana at redhat.com
Wed Sep 12 14:21:14 EDT 2012
The JDK Jaas stack is an expensive operation that is performed each time
you go to the LoginContext.login() process. The login modules are
created via class.forname and then set a shared map etc.
So for each stack invocation, you can use the shared state/map/options
for caching information and pass around the modules. But you cannot use
it across lets say 10 JAAS login attempts. For that, you will have to
look at some caching mechanism at the security subsystem or container level.
Historically, we have had an authentication manager cache that would
save username/credential (password or cert) and do cache authentication.
Only if there is failed cache login or a cache miss, would the jaas
stack get called. On success, the auth cache would be updated.
With the new PicketBox work, we can definitely consider some of your
requirements if you have any extra information.
On 09/12/2012 01:15 PM, Bill Burke wrote:
> Can you put stuff in the options or shared state map that is passed to
> On 9/12/2012 2:09 PM, Anil Saldhana wrote:
>> Not completely possible without use of some static cache.
>> On 09/12/2012 11:04 AM, Bill Burke wrote:
>>> Any way to store global information so that different calls to
>>> LoginModule.login() can share data, connections, etc.?
More information about the security-dev