[jira] [Updated] (QPID-7198) LDAP and OAUTH2 Authentication Providers should cache authentication results for a short period

Tue, 03 May 2016 05:11:44 -0700 

     [ 
https://issues.apache.org/jira/browse/QPID-7198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Keith Wall updated QPID-7198:
-----------------------------
    Description: 
The OAUTH2 and LDAP authentication providers should be changed to cache 
authentication results for a short (configurable) period.  If the same 
authentication provider receives the same credentials again (i.e. matching 
username and password in the case of LDAP), it should reuse the cached 
authentication result.   The cached authentication result should expire 
automatically.  Negative authentication results should be cached too.

This will serve to reduce load on authentication backends (such as 
Directories).  It will be especially useful when the REST API to used for 
programmatically monitoring the Broker which otherwise may create an excessive 
load on the backend.

The authentication provider must not retain the user passwords in clear.  The 
size of the cache should be constrained.



  was:
The OAUTTH2 and LDAP authentication providers should be changed to cache 
authentication results for a short (configurable period).  If the same 
authentication provider receives the same credentials again (i.e. matching 
username and password), it should reuse the cached authentication result.   The 
cached authentication result should expire automatically.

This would serve to reduce load on authentication backends (such as 
Directories).  It will be especially useful when the REST API to used for 
programmatically monitoring the Broker which otherwise may create an excessive 
load on the backend.

The authentication provider must not retain the user passwords in clear.


> LDAP and OAUTH2 Authentication Providers should cache authentication results 
> for a short period
> -----------------------------------------------------------------------------------------------
>
>                 Key: QPID-7198
>                 URL: https://issues.apache.org/jira/browse/QPID-7198
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Keith Wall
>
> The OAUTH2 and LDAP authentication providers should be changed to cache 
> authentication results for a short (configurable) period.  If the same 
> authentication provider receives the same credentials again (i.e. matching 
> username and password in the case of LDAP), it should reuse the cached 
> authentication result.   The cached authentication result should expire 
> automatically.  Negative authentication results should be cached too.
> This will serve to reduce load on authentication backends (such as 
> Directories).  It will be especially useful when the REST API to used for 
> programmatically monitoring the Broker which otherwise may create an 
> excessive load on the backend.
> The authentication provider must not retain the user passwords in clear.  The 
> size of the cache should be constrained.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to