Closed Alexaas closed 5 years ago
Hi Alex,
Cached entries are managed by the cache manager. In the configuration you specify the cache manager to be used, so it is under your control. In the sample this is https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/samples/spring-security-basic-auth/src/main/java/sample/spring/xsuaa/SecurityConfiguration.java#L48 You will have a similar configuration.
The default cache manager Spring gives you is a HashMap, which does not have a time to live specified. For your use case I recommend to change it with a cache manager supporting a time to live, e.g. https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-caching.html#boot-features-caching-provider-caffeine
When properly configured, it will expire cache entries.
Regards,
Martijn
Hi Martijn, thanks for your answer. I will give it a try. But your example above does also not work correctly then, right? I mean it would also fail if the cached token is outdated? Best Regards, Alex
And one more question: What would be a good time for the cache invalidation?
I need to check if the lib can check for token validity before returning. For now I recommend to use cache timeout << token validity. Default token validity is 12 hours of not changed in the xs-security.json file. Using a cache timeout like 15 or 30 minutes should be ok.
Hi, I've updated the sample accordingly: https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/samples/spring-security-basic-auth/src/main/java/sample/spring/xsuaa/SecurityConfiguration.java
Hi, in class TokenBrokerResover a retrieved token is cached based on token url/client id/client secret. This triple usually does not change so a Token is cached for a long time. But at a certain point in time a token is outdated. TokenBrokerResolver returns an outdated token in this case. See TokenBrokerResolver->getBrokerToken
String cacheKey = createSecureHash(oauthTokenUrl, credentialDetails[0], credentialDetails[1]); String storedToken = tokenCache.get(cacheKey, String.class); This piece of code is used several times in this method
Please provide a more intelligent caching or remove caching. As we wanted to ship tomorrow this is urgent for us.
Thanks and Regards, Alex