Reload of FileUserPasswdStore does not invalidate lastSuccessfulAuthCache #87368
Labels
>enhancement
:Security/Authentication
Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
Team:Security
Meta label for security team
Reloading users and passwords in the file realm could potentially introduce new users or update existing.
This means that lastSuccessfulAuthCache may not be up to date anymore and would provide suboptimal order of authentication in RealmsAuthenticator. This is not a big problem since users still have a possibility to use clear cache API which would now clear
lastSuccessfulAuthCache
as well.Suggestion: We could improve this by registering a listener which would invoke expireAll in
AuthenticationService
, when the file realm store gets updated.Note: Compared to the native realm, we only need to clear the
lastSuccessfulAuthCache
on the local node.The text was updated successfully, but these errors were encountered: