[jboss-jira] [JBoss JIRA] (WFCORE-2662) Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit

Fri Jul 7 06:35:01 EDT 2017

     [ https://issues.jboss.org/browse/WFCORE-2662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFCORE-2662.
--------------------------------------
    Fix Version/s: 3.0.0.Beta29
       Resolution: Done


> Elytron caching-realm backed by ldap-realm should avoid hitting LDAP for a cache hit
> ------------------------------------------------------------------------------------
>
>                 Key: WFCORE-2662
>                 URL: https://issues.jboss.org/browse/WFCORE-2662
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 3.0.0.Beta14
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>            Priority: Blocker
>              Labels: caching, ldap, ldap-realm, security-realm
>             Fix For: 3.0.0.Beta29
>
>
> Elytron {{caching-realm}} backed by {{ldap-realm}} provides caching for identity objects but not for related credentials and attributes. This is currently due to design of {{ldap-realm}} (like in case of {{filesystem-realm}}, see JBEAP-8628).
> Credentials and attributes should not be loaded from LDAP for a cache hit.
> Blocks EAP7-542 Elytron Caching Support. Note: caching of credentials is not a requirement, but may be reconsidered and become an enhancement to overall performance, see analysis document of the RFE. However, {{jdbc-realm}} is designed to enable caching of credentials. To be consistent, the {{ldap-realm}} should also enable caching of credentials.


--
This message was sent by Atlassian JIRA
(v7.2.3#72005)