Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.30.0
-
None
-
None
Description
To disable authentication cache you have to set the following config option:
setAuthenticationCacheSize(0)
SecurityStoreImpl then creates the following guava cache with maximumSize set to 0:
authenticationCache = CacheBuilder.newBuilder() .maximumSize(authenticationCacheSize) .expireAfterWrite(invalidationInterval, TimeUnit.MILLISECONDS) .build();
The way the guava LocalCache implementation works with maximumSize is that even with size 0 an entry is added but then is removed; this means that another thread can end up pulling an entry out of the cache before it is evicted; even though maximumSize is set to 0.
It has taken me some effort to track down this timing issue but the behaviour is also explained in the guava docs:
When size is zero, elements will be evicted immediately after being loaded into the cache. This can be useful in testing, or to disable caching temporarily without a code change.This feature cannot be used in conjunction with maximumWeight
Based on these findings no auth cache should be created at all when size 0 is requested.
Attachments
Issue Links
- links to
