Configurations we need to think of for the new cache implementation:
- enable/disable cache per security domain
- cache size limit
- expiration time
We also need to make custom principals work when the cache is disabled. As it is today the information about the caller principal is only available when the cache is enabled. When we have a custom principal as the caller principal this all falls apart.