[ https://issues.apache.org/jira/browse/QPID-7198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15394044#comment-15394044 ]

Keith Wall commented on QPID-7198:
----------------------------------

Lorenz, changes looked fine.  I made a commit to simplify the exception 
handling in {{CryptoUtil}} (no functional change), and added a note to the 
documentation.

> LDAP and OAUTH2 Authentication Providers should cache authentication results 
> for a short period
> -----------------------------------------------------------------------------------------------
>
>                 Key: QPID-7198
>                 URL: https://issues.apache.org/jira/browse/QPID-7198
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>             Fix For: qpid-java-6.1
>
>         Attachments: 
> 0001-QPID-7198-Java-Broker-WIP-Make-LDAP-and-OAUTH2-Authe.patch
>
>
> The OAUTH2 and LDAP authentication providers should be changed to cache 
> authentication results for a short (configurable) period.  If the same 
> authentication provider receives the same credentials again (i.e. matching 
> username and password in the case of LDAP), it should reuse the cached 
> authentication result.   The cached authentication result should expire 
> automatically.  Negative authentication results should be cached too.
> This will serve to reduce load on authentication backends (such as 
> Directories).  It will be especially useful when the REST API is used for 
> programmatically monitoring the Broker which otherwise may create an 
> excessive load on the backend.
> The authentication provider must not retain the user passwords in clear.  The 
> size of the cache should be constrained.
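
A sketch of the requirements in the issue description, added here as an example and not taken from the Qpid code base or the attached patch: a size-bounded cache with expiring entries that stores positive and negative results under a keyed digest of the credentials rather than the password. The class name `AuthResultCache`, the `backend` predicate, and the choice of HMAC-SHA256 with a per-instance random key are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.function.BiPredicate;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical illustration class; not part of the Qpid code base. Needs Java 16+. */
public final class AuthResultCache {
    private record CachedResult(boolean success, long expiresAtNanos) {}

    private final byte[] hmacKey = new byte[32]; // random per instance, held in memory only
    private final long ttlNanos;
    private final Map<String, CachedResult> cache;

    public AuthResultCache(int maxEntries, long ttlMillis) {
        new SecureRandom().nextBytes(hmacKey);
        this.ttlNanos = ttlMillis * 1_000_000L;
        // Access-ordered map: once maxEntries is exceeded the least recently used entry goes.
        this.cache = new LinkedHashMap<>(16, 0.75f, true) {
            @Override protected boolean removeEldestEntry(Map.Entry<String, CachedResult> eldest) {
                return size() > maxEntries;
            }
        };
    }

    // Key = HMAC-SHA256(hmacKey, len(username) || username || password). The password itself
    // is never stored, and the length prefix stops ("ab","c") colliding with ("a","bc").
    private String cacheKey(String username, String password) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(hmacKey, "HmacSHA256"));
        byte[] user = username.getBytes(StandardCharsets.UTF_8);
        mac.update(ByteBuffer.allocate(4).putInt(user.length).array());
        mac.update(user);
        return Base64.getEncoder().encodeToString(mac.doFinal(password.getBytes(StandardCharsets.UTF_8)));
    }

    /** Returns the cached result while it is fresh; otherwise asks the backend and caches
     *  the outcome, success or failure. The lock is held across the backend call for brevity. */
    public synchronized boolean authenticate(String username, String password,
            BiPredicate<String, String> backend) throws GeneralSecurityException {
        String key = cacheKey(username, password);
        long now = System.nanoTime();
        CachedResult hit = cache.get(key);
        if (hit != null && hit.expiresAtNanos() - now > 0) return hit.success();
        boolean ok = backend.test(username, password);
        cache.put(key, new CachedResult(ok, now + ttlNanos));
        return ok;
    }
}
```

Because negative results are cached as well, a password corrected in the directory keeps being rejected until the entry expires, which is one reason to keep the period short.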


