[security-dev] any way to store global information?

Anil Saldhana Anil.Saldhana at redhat.com
Wed Sep 12 14:21:14 EDT 2012


The JDK Jaas stack is an expensive operation that is performed each time 
you go to the LoginContext.login() process. The login modules are 
created via class.forname and then set a shared map etc.

So for each stack invocation, you can use the shared state/map/options 
for caching information and pass around the modules.  But you cannot use 
it across lets say 10 JAAS login attempts. For that, you will have to 
look at some caching mechanism at the security subsystem or container level.

Historically, we have had an authentication manager cache that would 
save username/credential (password or cert) and do cache authentication. 
Only if there is failed cache login or a cache miss, would the jaas 
stack get called. On success, the auth cache would be updated.

With the new PicketBox work, we can definitely consider some of your 
requirements if you have any extra information.

On 09/12/2012 01:15 PM, Bill Burke wrote:
> Can you put stuff in the options or shared state map that is passed to
> LoginModule.initialize()?
>
> On 9/12/2012 2:09 PM, Anil Saldhana wrote:
>> Not completely possible without use of some static cache.
>>
>> On 09/12/2012 11:04 AM, Bill Burke wrote:
>>> Any way to store global information so that different calls to
>>> LoginModule.login() can share data, connections, etc.?
>>>
>>> Thanks
>>


More information about the security-dev mailing list