[jira] [Updated] (ARTEMIS-2886) Optimize security auth

Tue, 25 Aug 2020 13:41:11 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Bertram updated ARTEMIS-2886:
------------------------------------
    Description: 
Both authentication and authorization will hit the underlying security 
repository (e.g. files, LDAP, etc.). For example, creating a JMS connection and 
a consumer will result in 2 hits with the *same* authentication request. This 
can cause unwanted (and unnecessary) resource utilization, especially in the 
case of networked configuration like LDAP.

There is a rudimentary cache for authorization, but it is cleared *totally* 
every 10 seconds by default (controlled via the 
{{security-invalidation-interval setting}}), and it must be populated initially 
which still results in duplicate auth requests.

  was:
Both authentication and authorization will hit the underlying security 
repository (e.g. files, LDAP, etc.). For example, creating a JMS connection and 
a consumer will result in 2 hits with the *same* authentication request. This 
can cause unwanted (and unnecessary) resource utilization, especially in the 
case of networked configuration like LDAP.

There is a rudimentary cache for authorization, but it is cleared *totally* 
every 10 seconds by default (controlled via the 
{{security-invalidation-interval setting}}), and it must be populated 
initially which still results in duplicate auth requests.


> Optimize security auth
> ----------------------
>
>                 Key: ARTEMIS-2886
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2886
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Justin Bertram
>            Assignee: Justin Bertram
>            Priority: Major
>
> Both authentication and authorization will hit the underlying security 
> repository (e.g. files, LDAP, etc.). For example, creating a JMS connection 
> and a consumer will result in 2 hits with the *same* authentication request. 
> This can cause unwanted (and unnecessary) resource utilization, especially in 
> the case of networked configuration like LDAP.
> There is a rudimentary cache for authorization, but it is cleared *totally* 
> every 10 seconds by default (controlled via the 
> {{security-invalidation-interval setting}}), and it must be populated 
> initially which still results in duplicate auth requests.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to