> On Jan 6, 2016, at 9:07 AM, Jan Sindberg <[email protected]> wrote: > > The no-go of a local cache is that security is always about the least > priviliges. We don't want to let users continue for "too long" when we chance > their permissions on the fly - all because of a network or server problem. > Then it is better to not give access at all. > > But the problem I encounter here is that fortress will never again be able to > connect if the first connection fails. I guess it has something to do with > classloader? The subsequent java.lang.NoClassDefFoundError comes even when > the LDAP is running again. This means that we will have to restart the whole > web application in order to get it working again - and that is not a viable > option because it will affect many other users.
Agree with your least priv notion. And yes it is a classloader issue of sorts - the initialization happens inside static code blocks inside the config and pool classes and that happens the first time each class is loaded. There is no retry once that initialization has failed. This is a solvable problem if not an easy one to fix. Need to think more about it. (Open to ideas) Shawn
