[security-dev] any way to store global information?
bburke at redhat.com
Wed Sep 12 15:42:54 EDT 2012
On 9/12/2012 2:21 PM, Anil Saldhana wrote:
> The JDK Jaas stack is an expensive operation that is performed each time
> you go to the LoginContext.login() process. The login modules are
> created via class.forname and then set a shared map etc.
> So for each stack invocation, you can use the shared state/map/options
> for caching information and pass around the modules. But you cannot use
> it across lets say 10 JAAS login attempts. For that, you will have to
> look at some caching mechanism at the security subsystem or container level.
#1 My login module requires shutting off the cache as it is obtaining
role mappigs from the HTTP request.
#2. I Don't understand what you're saying about the options map. It
gets destroyed and reinitialized after 10 login attempts? WTF? What I
want to store in the options map is pre-initialized connections to a
remote endpoint so I don't have to do this setup on every login request.
JBoss, a division of Red Hat
More information about the security-dev