Thanks. I've come to the same conclusion.  That OAuth2Accessor needs to be
persisted.  When I stubbed out a NoOp OAuth2Cache the redirect_uri servlet
request failed because it's trying to map a 'state' variable back to
accessor.  Ah, I keep finding fun stuff to implement.

doug


On 12/13/11 11:58 AM, "A Clarke" <cla...@gmail.com> wrote:

> Doug,
> 
> Both in-memory and non-caching options could be acceptable.  You could even
> provide your own OAuth2Store implementation that doesn't even use the
> OAuth2Persistence and OAuth2Cache interfaces.  It's not really possible to
> make a recommendation without knowing all the variables in your production
> environment.  I can say that from my personal experience (deploying shindig
> into a clustered environment) it was necessary to implement more robust
> caching of the OAuth2Accessor.
> 
> 
> 
> 
> On Tue, Dec 13, 2011 at 10:30 AM, daviesd <davi...@oclc.org> wrote:
> 
>> I understand that OAuth2Cache provides a mechanism for implementing a cache
>> that the OAuth2Store uses to limit requests to the OAuth2Persister.
>> However, if my OAuth2Persister implementation uses JPA or some other
>> persistence model that already has caching built-in, the OAuth2Cache is
>> redundant and probably not desired.  Especially if you have deployed
>> multiple shindig servers serving up the same domain.  You¹d then have to
>> have ³stickiness² set to guarantee getting a value from the cache,
>> otherwise
>> it would just be hitting the persister anyway.
>> 
>> So my question is... Can I provided an OAuth2Cache implementation that does
>> nothing (other than return nulls when requesting objects)?  Or would the
>> in-memory implementation be sufficient for a production environment?
>> 
>> Thanks,
>> Doug
>> 
>> 


Reply via email to