Append the IdType (membershipType/memberType) to the cache key, to avoid mixing up the result sets.
Previously, IdCachedServicesImpl's getMembers() and getMembership() did not consider the IdType, thus the results could get mixed up, leading to unexpected behaviour if the results would differ. Consequences may include a temporary inability of AM to correctly evaluate policies, resulting in correct enforcement of policies by the gateway. The result of the policy evaluation may also be cached, making the issue last longer than the lifespan of the entry within the cache.
The IdType is now suffixed to the key. For example, these would have been equivalent, without the change:
IdCachedServicesImpl.getMemberships(): Cache hit for key = id=admin,ou=user,o=iot_platform,o=wisx,ou=services,dc=openam,dc=forgerock,dc=org_role.
IdCachedServicesImpl.getMemberships(): Cache hit for key = id=admin,ou=user,o=iot_platform,o=wisx,ou=services,dc=openam,dc=forgerock,dc=org_group.
This should fix #662.
Append the IdType (membershipType/memberType) to the cache key, to avoid mixing up the result sets. Previously, IdCachedServicesImpl's getMembers() and getMembership() did not consider the IdType, thus the results could get mixed up, leading to unexpected behaviour if the results would differ. Consequences may include a temporary inability of AM to correctly evaluate policies, resulting in correct enforcement of policies by the gateway. The result of the policy evaluation may also be cached, making the issue last longer than the lifespan of the entry within the cache.
The IdType is now suffixed to the key. For example, these would have been equivalent, without the change: