[QPID-7198] LDAP and OAUTH2 Authentication Providers should cache authentication results for a short period - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: qpid-java-6.1
Component/s: Broker-J
Labels:
None

Description

The OAUTH2 and LDAP authentication providers should be changed to cache authentication results for a short (configurable) period. If the same authentication provider receives the same credentials again (i.e. matching username and password in the case of LDAP), it should reuse the cached authentication result. The cached authentication result should expire automatically. Negative authentication results should be cached too.

This will serve to reduce load on authentication backends (such as Directories). It will be especially useful when the REST API to used for programmatically monitoring the Broker which otherwise may create an excessive load on the backend.

The authentication provider must not retain the user passwords in clear. The size of the cache should be constrained.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-QPID-7198-Java-Broker-WIP-Make-LDAP-and-OAUTH2-Authe.patch
22/Jul/16 15:55
4 kB
Lorenz Quack

Activity

People

Assignee:: Keith Wall

Reporter:: Keith Wall

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Apr/16 12:08

Updated:: 02/Oct/19 19:21

Resolved:: 27/Jul/16 09:54