Re: [security-dev] any way to store global information?

On 9/12/2012 2:21 PM, Anil Saldhana wrote: > The JDK Jaas stack is an expensive operation that is performed each time > you go to the LoginContext.login() process. The login modules are > created via class.forname and then set a shared map etc. > > So for each stack invocation, you can use the shared state/map/options > for caching information and pass around the modules. But you cannot use > it across lets say 10 JAAS login attempts. For that, you will have to > look at some caching mechanism at the security subsystem or container level. > #1 My login module requires shutting off the cache as it is obtaining role mappigs from the HTTP request. #2. I Don't understand what you're saying about the options map. It gets destroyed and reinitialized after 10 login attempts? WTF? What I want to store in the options map is pre-initialized connections to a remote endpoint so I don't have to do this setup on every login request.