[Building Sakai] Clearing the security cache?
Stephen Marquard
stephen.marquard at uct.ac.za
Thu Jun 11 09:08:23 PDT 2009
Hi Chris,
When a security lookup is cached, it uses a multirefcache that stores
the list of authzgroups that was consulted for the authz lookup for the
given user, function and reference. This is for caching the results of
SecurityService.unlock() calls - it doesn't cache whole realms for
example.
The cache is also an event listener which observes changes to
authzgroups (events with modify=true). If it sees a change to an
authzgroup, it invalidates all security cache entries that involve that
authzgroup.
Regards
Stephen
>>> On Thu, Jun 11, 2009 at 6:00 PM, "Maurer, Christopher Wayne"
<chmaurer at iupui.edu> wrote:
So I saw some mention of this and would like to know if this is
documented somewhere? Looking through some code related to the role
swap stuff, I see this:
// This will clear all cached security lookups involving this realm,
thereby forcing the permissions to be rechecked.
eventTrackingService().post(eventTrackingService().newEvent(EVENT_ROLESWAP_CLEAR,
org.sakaiproject.authz.api.AuthzGroupService.REFERENCE_ROOT +
Entity.SEPARATOR + azGroupId, true));
So, I can post an event and it’ll clear the cache? I’d love to
know more about this!
Chris
More information about the sakai-dev
mailing list