[REPO-671] Use domain rules as the key for the access manager cache, instead of the user id - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Outdated
Affects Version/s: None
Fix Version/s: Backlog
Component/s: None
Labels:
None

Description

The access manager currently uses the user id as the key to look up a cache. (i.e. the cache is shared between different sessions that share a user id) This can make the cache inconsistent when domain rules change. To mitigate this problem, the cache is flushed whenever a session is closed.

If the domain rules themselves would be used for the cache key, new caches would be created when the rules change. The caches would no longer become inconsistent and the flushing would no longer be necessary. Furthermore, if the domain rules do not use the _USER_ expander and all authorization is group based, different users in the same group can even share a cache.

The elimination of shared cache flushing when a session is logged out could improve performance, e.g. in session pooling situations where many sessions share a read access cache.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Frank van Lankvelt (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Jun/13 12:27 PM

Updated:: 02/Jan/17 11:16 AM

Resolved:: 02/Jan/17 11:16 AM