You are indeed correct that it should be caching the AuthorizationInfo lookup for role/permission checks - at least that is what the code 'says'.
There are a few trace/debug/info log messages in AuthorizingRealm that are printed when an authorization check occurs, particularly in the initAuthorizationCache() and getAuthorizationInfo() methods . Do you have that output? - Les On Tue, Oct 7, 2008 at 8:51 AM, Peter Ledbrook <[EMAIL PROTECTED]> wrote: > Hi, > > I'm forwarding this to the JSecurity mailing list since it relates the > the core JSecurity classes. > > Cheers, > > Peter > > 2008/10/6 Skowronek <[EMAIL PROTECTED]>: >> >> I have a Grails application using version 1.0.3. The JSecurity plugin >> version 0.3-SNAPSHOT is installed. >> >> I created a realm called AdamRealm, which extends AbstractLdapRealm to take >> advantage of the services in the hierarchy. Specifically caching. >> AdamRealm is very similar to ActiveDirectoryRealm. >> >> After launching the app, the realm is created as well as the CacheManager as >> shown in the log entries below. >> >> [com.jud.realm.AdamRealm] AdamRealm created >> [org.jsecurity.mgt.CachingSecurityManager] Attempting to initialize default >> CacheManager using EhCache... >> [org.jsecurity.cache.ehcache.EhCacheManager] cacheManager property not set. >> Constructing CacheManager instance... >> [org.jsecurity.io.ResourceUtils] Opening resource from class path >> [org/jsecurity/cache/ehcache/ehcache.xml]... >> [org.jsecurity.cache.ehcache.EhCacheManager] instantiated Ehcache >> CacheManager instance. >> [org.jsecurity.cache.ehcache.EhCacheManager] implicit cacheManager created >> successfully. >> >> >> If a user tries to access a restricted resource for the first time, I see >> that the queryForAuthenticationInfo(AuthenticationToken token, >> LdapContextFactory ldapContextFactory) implementation is called as expected >> and the user is authenticated. >> >> [com.jud.realm.AdamRealm] queryForAuthenticationInfo started >> DEBUG [org.jsecurity.authc.AbstractAuthenticator] Authentication successful >> for token [org.jsecurity.authc.UsernamePasswordToken - abc00, >> rememberMe=false]. Returned account: >> [EMAIL PROTECTED] >> >> >> Next, the the queryForAuthorizationInfo(PrincipalCollection principals, >> LdapContextFactory ldapContextFactory) implementation is called as expected >> since this is the first time a restricted resource is being accessed by the >> user. >> >> DEBUG [com.jud.realm.AdamRealm] queryForAuthorizationInfo started >> >> My understanding is that for all subsequent requests made by the user, the >> queryForAuthorizationInfo() shouldn't be called. Instead, >> AuthorizingRealm.getAuthorizationInfo(PrincipalCollection principals) should >> pull the AuthorizationInfo from the cache, but that doesn't happen. For >> every subsequent request, I see the queryForAuthorizationInfo() being >> called. >> >> Any assistance on how to get the realm to pull the AuthorizationInfo from >> the cache would be appreciated. >> >> Thank you. >> >> -- >> View this message in context: >> http://www.nabble.com/JSecurity-Plugin%2C-AbstractLdapRealm-and-Caching-tp19843999p19843999.html >> Sent from the grails - user mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe from this list, please visit: >> >> http://xircles.codehaus.org/manage_email >> >> >> > > > > -- > Software Engineer > G2One, Inc. > http://www.g2one.com/ >
