[security-dev] any way to store global information?

Anil Saldhana Anil.Saldhana at redhat.com
Wed Sep 12 15:45:46 EDT 2012


On 09/12/2012 02:42 PM, Bill Burke wrote:
>
> On 9/12/2012 2:21 PM, Anil Saldhana wrote:
>> The JDK Jaas stack is an expensive operation that is performed each time
>> you go to the LoginContext.login() process. The login modules are
>> created via class.forname and then set a shared map etc.
>>
>> So for each stack invocation, you can use the shared state/map/options
>> for caching information and pass around the modules.  But you cannot use
>> it across lets say 10 JAAS login attempts. For that, you will have to
>> look at some caching mechanism at the security subsystem or container level.
>>
> #1 My login module requires shutting off the cache as it is obtaining
> role mappigs from the HTTP request.
>
> #2.  I Don't understand what you're saying about the options map.  It
> gets destroyed and reinitialized after 10 login attempts?  WTF?  What I
> want to store in the options map is pre-initialized connections to a
> remote endpoint so I don't have to do this setup on every login request.
>
http://docs.oracle.com/javase/6/docs/api/javax/security/auth/spi/LoginModule.html
The shared state and options in login modules get created and destroyed 
after every JAAS invocation.  I just meant if you want to share stuff 
across jaas logins, then you have to look at an external cache (nothing 
related to jaas stuff). Forget the 10.


More information about the security-dev mailing list