]
Darran Lofthouse reassigned ELY-524:
------------------------------------
Assignee: Pedro Igor (was: Darran Lofthouse)
Caching support in the LDAP realm
---------------------------------
Key: ELY-524
URL:
https://issues.jboss.org/browse/ELY-524
Project: WildFly Elytron
Issue Type: Feature Request
Components: Realms
Reporter: David Lloyd
Assignee: Pedro Igor
Priority: Critical
Fix For: 1.1.0.Beta8
The LDAP realm should use a caching strategy to avoid excessive database load in the
presence of per-request authentication traffic.
The realm implementation could maintain a synchronized LRU cache of one-time-initialize
references to a cached DirContext or Attributes or binding or some combination of these.
Because the cache is synchronized, the one-time-initialize object would be added under the
lock and then the lock released before the object is populated and returned as a cached
credential, allowing atomic action with a minimum of contention.
For each cached entity, a NamingListener could be established which would invalidate (or
possibly update) the cached value as the database changes.
Alternatively, a NamingListener could be established for all identities, and each update
would invalidate or update any cached values corresponding to the DN or resolved name.
This is a complex design topic so discussion is welcome.