You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description
When using ldap security and servlets, every request/response re-authenticates. Especially the role lookup can take a lot of time. Hence, the elytron cache should be possible to enable
Implementation ideas
The existing io.quarkus.elytron.security.ldap.LdapRecorder class seems a good point for this: The last line is:
return new RuntimeValue<>(builder.build());
You can do something like:
//These come from application.properties
int config_cache_size=10000;
long config_cache_time_to_live=1000L6015;//15 minutes
SecurityRealm ldapRealm = builder.build();
if (ldapRealm instanceof CacheableSecurityRealm&&config_cache_size!=0) {
// Cache 15 minuten
ldapRealm = new CachingSecurityRealm((CacheableSecurityRealm) ldapRealm,
new LRURealmIdentityCache(config_cache_size, config_cache_time_to_live));
}
return new RuntimeValue<>(ldapRealm);
The text was updated successfully, but these errors were encountered:
@hartimcwildfly I think I answered you in another thread or on the chat, so I'll add my answer from long ago here:
In my experience, all security parameters should be tuneable at run time. Security setup can differ between dev and prod, and might be adapted by different teams.
We managed to introduce keycloak in our organisation, so my interest for LDAP has seriously diminished since writing these calls.
Description
When using ldap security and servlets, every request/response re-authenticates. Especially the role lookup can take a lot of time. Hence, the elytron cache should be possible to enable
Implementation ideas
The existing io.quarkus.elytron.security.ldap.LdapRecorder class seems a good point for this: The last line is:
You can do something like:
//These come from application.properties
int config_cache_size=10000;
long config_cache_time_to_live=1000L6015;//15 minutes
The text was updated successfully, but these errors were encountered: