-
Bug
-
Resolution: Obsolete
-
Major
-
None
-
None
In case when cache is used for legacy LDAP security realm and any access to secured resource occures, then entry is added into cache even if user has not been authenticated correctly.
Note, in reproducer there is cache-failures=false
"cache-failures - This is a boolean that enables/disables the caching of failed searches. This has the potential for preventing an LDAP server from being repeatedly access by the same failed search, but it also has the potential to fill up the cache with searches for users that do not exist. This setting is particularly important for the authentication cache. " [1]
And even with cache-failures = false , non existing user "takes slot" in cache, thus this
- effectively could make cache smaller, because valid entries could be evicted due to max-cache-size.
- reduce benefit of LDAP cache and impacts performance in unpredictable manner.
Same behavior can be seen in 7.0.0.GA.
- clones
-
JBEAP-9391 Legacy ldap realm, entry for non existing user are cached
- Closed