JSecurity Cache

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

JSecurity Cache

Marc Dworkin
Hi All,
 
Forwarding this to this list as it may be the more appropriate.
 
Thanks!
 
Marc

----- Forwarded Message ----
From: Marc Dworkin <[hidden email]>
To: Grails Users <[hidden email]>
Sent: Tuesday, December 23, 2008 2:37:03 PM
Subject: [grails-user] JSecurity Cache

Hi,

 

I am building an app where authorization is a dynamically determined by domain object properties.  I chose to use JSecurity, wrote a realm that encapsulates the authorization logic and have been using the jsec:hasPermission tag to filter content.

 

My problem is that it appears that JSecurity is cache-ing authorization, and so not picking up when it changes.   How do I turn off this cache-ing, or how can I programmatically clear the cache?

 

Thanks!

 

Marc

Reply | Threaded
Open this post in threaded view
|

Re: JSecurity Cache

Les Hazlewood-2
See AuthorizingRealm.clearCachedAuthorizationInfo - that should do the trick.  You should call that method when the user's authorization state changes (e.g. roles associations, directly assigned permissions, etc)

If you don't want to do that (don't want to call your realm's implementation every time you change security state elsewhere in your app), then my personally preferred approach is to not use AuthorizingRealm at all - I usually subclass AuthenticatingRealm directly and implement the authorization methods directly, relying on Hibernate and its 2nd-level cache to relieve any performance hit of traversing object graphs (user.getRoles(), role.getPerrmissions()).  

This is the best way if you 1) changes to a Subject/User's security assignments must be immediately reflected instead of waiting for them to log out _and_ 2) want the best possible performance to ensure these 'check every time' operations don't result in lots of queries to the database.

I hope that helps!

Cheers,

Les

On Tue, Dec 23, 2008 at 5:14 PM, Marc Dworkin <[hidden email]> wrote:
Hi All,
 
Forwarding this to this list as it may be the more appropriate.
 
Thanks!
 
Marc

----- Forwarded Message ----
From: Marc Dworkin <[hidden email]>
To: Grails Users <[hidden email]>
Sent: Tuesday, December 23, 2008 2:37:03 PM
Subject: [grails-user] JSecurity Cache

Hi,

 

I am building an app where authorization is a dynamically determined by domain object properties.  I chose to use JSecurity, wrote a realm that encapsulates the authorization logic and have been using the jsec:hasPermission tag to filter content.

 

My problem is that it appears that JSecurity is cache-ing authorization, and so not picking up when it changes.   How do I turn off this cache-ing, or how can I programmatically clear the cache?

 

Thanks!

 

Marc


Reply | Threaded
Open this post in threaded view
|

Re: JSecurity Cache

Marc Dworkin
Thanks!


From: Les Hazlewood <[hidden email]>
To: [hidden email]
Sent: Tuesday, December 23, 2008 9:12:47 PM
Subject: Re: JSecurity Cache

See AuthorizingRealm.clearCachedAuthorizationInfo - that should do the trick.  You should call that method when the user's authorization state changes (e.g. roles associations, directly assigned permissions, etc)

If you don't want to do that (don't want to call your realm's implementation every time you change security state elsewhere in your app), then my personally preferred approach is to not use AuthorizingRealm at all - I usually subclass AuthenticatingRealm directly and implement the authorization methods directly, relying on Hibernate and its 2nd-level cache to relieve any performance hit of traversing object graphs (user.getRoles(), role.getPerrmissions()).  

This is the best way if you 1) changes to a Subject/User's security assignments must be immediately reflected instead of waiting for them to log out _and_ 2) want the best possible performance to ensure these 'check every time' operations don't result in lots of queries to the database.

I hope that helps!

Cheers,

Les

On Tue, Dec 23, 2008 at 5:14 PM, Marc Dworkin <[hidden email]> wrote:
Hi All,
 
Forwarding this to this list as it may be the more appropriate.
 
Thanks!
 
Marc

----- Forwarded Message ----
From: Marc Dworkin <[hidden email]>
To: Grails Users <[hidden email]>
Sent: Tuesday, December 23, 2008 2:37:03 PM
Subject: [grails-user] JSecurity Cache

Hi,

 

I am building an app where authorization is a dynamically determined by domain object properties.  I chose to use JSecurity, wrote a realm that encapsulates the authorization logic and have been using the jsec:hasPermission tag to filter content.

 

My problem is that it appears that JSecurity is cache-ing authorization, and so not picking up when it changes.   How do I turn off this cache-ing, or how can I programmatically clear the cache?

 

Thanks!

 

Marc