[ https://issues.apache.org/jira/browse/ARTEMIS-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17279809#comment-17279809 ]
Luís Alves commented on ARTEMIS-2886:
-------------------------------------

Created [ARTEMIS-3102|https://issues.apache.org/jira/browse/ARTEMIS-3102].

Throwing a Runtime Exception (cannot send any checked exception) will not do the trick as the connection is not terminated. The client just receives a GENERIC_EXCEPTION and the connection remains in the pool.

For now, my solution is to trust the token even when it's expired, but this has a lot of downsides.

> Optimize security auth
> ----------------------
>
> Key: ARTEMIS-2886
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2886
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Major
> Fix For: 2.16.0
>
> Time Spent: 6h 10m
> Remaining Estimate: 0h
>
> Both authentication and authorization will hit the underlying security
> repository (e.g. files, LDAP, etc.). For example, creating a JMS connection
> and a consumer will result in 2 hits with the *same* authentication request.
> This can cause unwanted (and unnecessary) resource utilization, especially in
> the case of networked configuration like LDAP.
> There is a rudimentary cache for authorization, but it is cleared *totally*
> every 10 seconds by default (controlled via the
> {{security-invalidation-interval setting}}), and it must be populated
> initially which still results in duplicate auth requests.

--
This message was sent by Atlassian Jira (v8.3.4#803005)