[jboss-jira] [JBoss JIRA] (WFCORE-2662) Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit

[Jan Kalina (JIRA)]

     [ https://issues.jboss.org/browse/WFCORE-2662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina updated WFCORE-2662:
-------------------------------
    Labels: caching ldap ldap-realm security-realm  (was: caching eap7.1-rfe-failure eap71_beta_candidate ldap ldap-realm security-realm)


> Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
> ------------------------------------------------------------------------------------
>
>                 Key: WFCORE-2662
>                 URL: https://issues.jboss.org/browse/WFCORE-2662
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 3.0.0.Beta14
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>            Priority: Blocker
>              Labels: caching, ldap, ldap-realm, security-realm
>
> Elytron {{caching-realm}} backed by {{ldap-realm}} provides caching for identity objects but not for related credentials and attributes. This is currently due to design of {{ldap-realm}} (like in case of {{filesystem-realm}}, see JBEAP-8628).
> Credentials and attributes should not be loaded from LDAP for a cache hit.
> Blocks EAP7-542 Elytron Caching Support. Note: caching of credentials is not a requirement, but may be reconsidered and become an enhancement to overall performance, see analysis document of the RFE. However, {{jdbc-realm}} is designed to enable caching of credentials. To be consistent, the {{ldap-realm}} should also enable caching of credentials.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)