Darran Lofthouse updated ELY-57:
--------------------------------
Fix Version/s: 1.0.0.Beta1
(was: 1.0.0.Alpha1)
Transition to enabling mechanisms to be 'managed' in server
environment.
------------------------------------------------------------------------
Key: ELY-57
URL: https://issues.jboss.org/browse/ELY-57
Project: WildFly Elytron
Issue Type: Task
Reporter: Darran Lofthouse
Fix For: 1.0.0.Beta1
For some mechanisms there is a fair amount of initialisation that needs to be performed
each time the mechanism is used, e.g. for GSSAPI we have GSSName instances, GSSCredential
instances etc...
The existing convention for SASL mechanisms is that this initialisation occurs when the
mechanism is instantiated which is at the time the relevant SaslServerFactory or
SaslClientFactory is called. This convention really fits with the mechanisms being used
in a JSE environment but once we move to a managed environment we are not so
constrained.
A few options: -
- Provide a way a mechanism can cache something it has created so if called again it can
re-use it.
- Provide access to a factory / inject certain resources.
- Make the mechanism fully managed in the server, when create is called the bulk of
initialisation would have already occurred and what is returned handles the bare minimum
state related to an authentication attempt (client or server side).
One additional comment if we do consider something like this, some mechanisms may have
items cached that once cached would never change for the lifetime of the process - for
others we may have additional timeouts to consider such as Kerberos ticket expiration
which may mean we want to regenerate cached resources at certain points.
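
An added sketch of the first option combined with the expiry concern above; it is not code from the issue or from WildFly Elytron. The class name `ExpiringResourceCache`, its `Entry` type and the refresh margin are hypothetical, and the sample values in `main` are constructed.

```java
import java.util.function.LongSupplier;
import java.util.function.Supplier;

/** Hypothetical holder: builds an expensive mechanism resource once and rebuilds it near expiry. */
public final class ExpiringResourceCache<T> {

    /** A created resource plus the absolute time (ms) after which it must not be reused. */
    public static final class Entry<T> {
        final T value;
        final long expiresAtMillis; // Long.MAX_VALUE for resources that never change
        public Entry(T value, long expiresAtMillis) {
            this.value = value;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    private final Supplier<Entry<T>> factory; // the costly initialisation, e.g. acquiring a GSSCredential
    private final LongSupplier clock;         // injectable so expiry can be exercised without waiting
    private final long refreshMarginMillis;   // regenerate this long before the stated expiry
    private Entry<T> current;

    public ExpiringResourceCache(Supplier<Entry<T>> factory, LongSupplier clock, long refreshMarginMillis) {
        this.factory = factory;
        this.clock = clock;
        this.refreshMarginMillis = refreshMarginMillis;
    }

    /** Returns the cached resource, regenerating it when absent or inside the refresh margin. */
    public synchronized T get() {
        long now = clock.getAsLong();
        if (current == null || now >= current.expiresAtMillis - refreshMarginMillis) {
            current = factory.get();
        }
        return current.value;
    }

    public static void main(String[] args) {
        long[] now = {0};    // constructed clock, in milliseconds
        int[] created = {0}; // counts how often the costly initialisation runs
        ExpiringResourceCache<String> cache = new ExpiringResourceCache<>(
                () -> new Entry<>("credential-" + (++created[0]), now[0] + 10_000),
                () -> now[0],
                1_000);
        System.out.println(cache.get()); // first authentication attempt: resource is created
        now[0] = 5_000;
        System.out.println(cache.get()); // well before expiry: same resource is reused
        now[0] = 9_500;
        System.out.println(cache.get()); // inside the refresh margin: resource is regenerated
        System.out.println("initialisations: " + created[0]);
    }
}
```

Only resources that are independent of a single authentication attempt belong in such a cache; per-attempt state stays in the object returned to the caller.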