JSecurity will use caching in 3 major areas: authorization, session management and authentication. Currently Authentication is not supported, and there is an open Jira issue for it.

Authorization caching is orthogonal to enterprise Sessions: it means the AuthorizationInfo returned from one or more realms during the authentication process is cached so that subsequent authz (role/permission) checks don't need to 'hit' a datasource to acquire that information. This is strictly not needed if you already use a 2nd-level cache (e.g. with JPA/Hibernate) to cache your user/role/permission objects already. But if you don't use authz caching, and you don't already use a 2nd-level cache for these domain objects, Realm implementations would 'hit' their backing datasource (3rd party system, RDBMS, whatever) every time when performing an authz check. Most people want one of those two caching strategies in place to avoid such datasource round trips.

The Session management infrastructure uses a SessionDAO to perform CRUD operations for enterprise sessions. The default SessionDAO implementation is backed only by a Cache instance. It is expected that, if using this default SessionDAO implementation, the Cache is some quality Cache framework implementation, e.g. Terracotta, Coherence, Ehcache, etc. Users can always plug in their own Cache implementation or bypass that entirely and specify their own SessionDAO implementation directly if desired.

If you want to follow how Cache objects are made available, the best thing to do is to look at the CachingSecurityManager implementation, and follow the setCacheManager and template methods afterCacheManagerSet and see how it is used by subclasses to create Caches as necessary.

HTH,

Les

On Wed, Feb 25, 2009 at 11:48 PM, Kalle Korhonen <[email protected]> wrote:
> Am I right to assume that cache is really only useful if you use
> JSecurity's enterprise session? I fail to see the benefits when using http
> (servlet container) session, but my app keeps complaining that "No cache or
> cacheManager properties have been set. Authorization caching is disabled.".
> Where could I find more documentation on it, googling I only found posts on
> the mailing list about it. Is it documented anywhere what JSecurity stores
> in the cache, or can somebody just point me to the relevant piece of
> code/javadoc?
>
> Kalle
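
The authorization caching described in the reply above, as an added example that is not part of the original thread and is not JSecurity's code: RoleStore, CachingRealm and evict are hypothetical names, and the user and role are constructed sample data. It goes one step beyond the message by also showing that a revoked role stays honoured until the cached entry is evicted.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; every name here is hypothetical and none is a JSecurity class.
public class AuthzCacheDemo {
    /** Stand-in for a realm's backing datasource (RDBMS, 3rd party system, ...). */
    static class RoleStore {
        final Map<String, Set<String>> roles = new ConcurrentHashMap<>();
        int lookups = 0;                         // counts datasource round trips
        Set<String> loadRoles(String user) {
            lookups++;
            return roles.getOrDefault(user, Set.of());
        }
    }

    /** Realm-like checker; cache == null means authorization caching is disabled. */
    static class CachingRealm {
        final RoleStore store;
        final Map<String, Set<String>> cache;
        CachingRealm(RoleStore s, Map<String, Set<String>> c) { store = s; cache = c; }
        boolean hasRole(String user, String role) {
            Set<String> info = (cache == null)
                    ? store.loadRoles(user)                          // hit the store on every check
                    : cache.computeIfAbsent(user, store::loadRoles); // hit it once per user
            return info.contains(role);
        }
        /** Call whenever a user's roles change, otherwise the old grant keeps being honoured. */
        void evict(String user) {
            if (cache != null) cache.remove(user);
        }
    }

    public static void main(String[] args) {
        RoleStore store = new RoleStore();
        store.roles.put("kalle", Set.of("admin"));     // constructed sample data
        CachingRealm uncached = new CachingRealm(store, null);
        for (int i = 0; i < 3; i++) uncached.hasRole("kalle", "admin");
        System.out.println("lookups without cache: " + store.lookups);
        store.lookups = 0;
        CachingRealm cached = new CachingRealm(store, new ConcurrentHashMap<>());
        for (int i = 0; i < 3; i++) cached.hasRole("kalle", "admin");
        System.out.println("lookups with cache: " + store.lookups);
        store.roles.put("kalle", Set.of());            // role revoked in the datasource
        System.out.println("check before eviction: " + cached.hasRole("kalle", "admin"));
        cached.evict("kalle");
        System.out.println("check after eviction: " + cached.hasRole("kalle", "admin"));
    }
}
```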
