Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

implement SecurityContextRepository to synchronize user service state with security state #33

Open
joshlong opened this issue Aug 30, 2013 · 0 comments
Open

implement SecurityContextRepository to synchronize user service state with security state #33

joshlong opened this issue Aug 30, 2013 · 0 comments
Assignees
@rwinch

Comments

@joshlong
Copy link
Collaborator

Problem is this: currently a principal is stored in the session and cached. to avoid relying on stale data, we simply use the current principal to lookup the ID and then refetch the user using the service. this creates a double penalty: one hit for the initial authentication, and N more hits each time we lookup the system user. Instead:

implement SecurityContextRepository. The SecurityContextRepository could - instead of storing the User in session store the User ID in session and then on each request lookup the User from the service tier and place that in the SecurityContext. The service tier, in turn, could employ @Cacheable to cache requests.
@ghost ghost assigned rwinch Aug 30, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshlong @rwinch