[jboss-jira] [JBoss JIRA] (WFLY-7096) Security domain casche dosn't respect infinispan settings
Darran Lofthouse (JIRA)
issues at jboss.org
Tue Sep 13 07:57:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-7096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13292520#comment-13292520 ]
Darran Lofthouse commented on WFLY-7096:
----------------------------------------
The Infinispan cache setting is something left over from initial development in 2011 - to properly support Infinispan based caching both the cache container and the name of the cache would need to be configurable within the security subystem.
> Security domain casche dosn't respect infinispan settings
> ---------------------------------------------------------
>
> Key: WFLY-7096
> URL: https://issues.jboss.org/browse/WFLY-7096
> Project: WildFly
> Issue Type: Feature Request
> Components: Security
> Affects Versions: 10.0.0.Final, 10.1.0.Final
> Environment: Tested on Windows 7
> Reporter: Marcin Fatyga
> Assignee: Darran Lofthouse
> Attachments: patch.txt, standalone.xml, test_webapp.zip
>
>
> In securitydomain we can set "casche-type" to infinispan. Auntentication request ara now stored in infinispan casch, but any settings of this casche (configured in infinispan subsystem) are not applied. Casche is always stored in memory and never expiries.
> This is serious security issue because after first authentication request credentials, will never be verified again.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list