Reputation: 2739
For my application I have a combination of a REST service and a web site, both of which are within the same web app.
To secure both I added this security domain to my standalone.xml. (MyAuthClass is a basic authentication extension that reaches out to a third-party system for authentication.)
    <subsystem xmlns="urn:jboss:domain:security:1.2">
        <security-domains>
            <security-domain name="my-authentication" cache-type="infinispan">
                <authentication>
                    <login-module code="com.myAuthClass.Impl" flag="required"/>
                </authentication>
            </security-domain>
            <security-domain name="other" cache-type="default">
            ...
I was using cache-type="default" but then I adapted to infinispan, so I can set a lifespan. As I understand it, I set up a special cache like so.
    <subsystem xmlns="urn:jboss:domain:infinispan:2.0">
        <cache-container name="security" default-cache="auth-cache" module="org.wildfly.clustering.web.infinispan" aliases="standard-security-cache">
            <local-cache name="auth-cache" batching="true">
                <expiration lifespan="10000"/>
            </local-cache>
        </cache-container>
The behavior I am now getting is frustrating. When I use a REST test tool, like Poster, I see a 10 second expiration on the principal I have stored. However, when I visit the website and browse around and hit those same REST endpoints, I don't see any timeout.
I am fairly new to this configuration effort and so I think I am just missing something, or my browser is doing some tricky keep alive I don't know about.
Has anyone seen this behavior and knows the solution to enforcing a timeout in the browser when using infinispan and a basic auth extension?
Upvotes: 1
Views: 1210
Reputation: 2739
I solved this almost immediately after writing this question...
Also in the standalone.xml there is a cache container which the web site is using, cleverly named web:
    <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan"> ...
What I ended up doing was setting the cache expiration on this as well and now I seem to get the expected behaviors. I left the expiration in the security context as well, because that is what is driving the REST timeouts when someone is just using our services.
Final Web Cache configuration:
    <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
        <local-cache name="passivation" batching="true">
            <expiration lifespan="10000"/>
            <file-store passivation="true" purge="false"/>
        </local-cache>
        <local-cache name="persistent" batching="true">
            <expiration lifespan="10000"/>
            <file-store passivation="false" purge="false"/>
        </local-cache>
    </cache-container>
Upvotes: 3
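A check that follows from the answer above, added here as an example and not part of the original posts: it parses the infinispan subsystem and reports which local caches in the security and web containers have no expiration lifespan. The sample XML is constructed from the page's snippets (with the expiration removed from one cache so there is a finding), and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the snippets above; "passivation" has no <expiration>.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:infinispan:2.0">
  <cache-container name="security" default-cache="auth-cache">
    <local-cache name="auth-cache" batching="true">
      <expiration lifespan="10000"/>
    </local-cache>
  </cache-container>
  <cache-container name="web" default-cache="passivation">
    <local-cache name="passivation" batching="true">
      <file-store passivation="true" purge="false"/>
    </local-cache>
    <local-cache name="persistent" batching="true">
      <expiration lifespan="10000"/>
      <file-store passivation="false" purge="false"/>
    </local-cache>
  </cache-container>
</subsystem>"""

def local(tag):
    """Strip the '{namespace}' prefix so the check does not depend on the schema version."""
    return tag.rsplit("}", 1)[-1]

def cache_lifespans(xml_text, containers=("security", "web")):
    """Map (container, cache) to its lifespan in ms, or None when entries never expire."""
    result = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "cache-container" or el.get("name") not in containers:
            continue
        for cache in el:
            if local(cache.tag) != "local-cache":
                continue
            exp = next((c for c in cache if local(c.tag) == "expiration"), None)
            ms = int(exp.get("lifespan", "-1")) if exp is not None else -1
            # A missing or negative lifespan means entries are never expired.
            result[(el.get("name"), cache.get("name"))] = ms if ms >= 0 else None
    return result

def unexpiring(xml_text):
    """Caches in the checked containers with no expiration lifespan configured."""
    return sorted(k for k, v in cache_lifespans(xml_text).items() if v is None)

if __name__ == "__main__":
    for (container, cache), ms in cache_lifespans(SAMPLE).items():
        shown = "no expiry" if ms is None else str(ms) + " ms"
        print(container + "/" + cache + ": " + shown)
```

Point it at the infinispan subsystem extracted from a real standalone.xml to confirm that the REST path (security container) and the browser path (web container) both carry the intended lifespan.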