You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Santosh Kulkarni <sk...@jcpenney.com> on 2009/04/03 17:15:12 UTC
WS security username token caching
Hi all,
Where can I get some pointers/examples on how to cache the
authentication information so I do not have to go to the authentication
server for every single request?
A little background:
I'm using apache-cxf and ws-security username token profile. The
callback goes out and authenticates against a remote LDAP server.
It's required to be a high volume service so looking for ways to avoid
hitting the LDAP server for every request.
Santosh
Re: WS security username token caching
Posted by Daniel Kulp <dk...@apache.org>.
There are really a couple options:
1) Use ws-secureconversation. The user would send the complete
authentication information on the request to get the conversation token.
Subsequent requests would just send the conversation token.
2) You could write an interceptor that grabs the HTTP session out of the
message and store stuff there (providing the clients enable sessions).
Basically, store the username/password that WAS authenticated successfully and
in you callback handler, match there first.
Dan
On Fri April 3 2009 11:15:12 am Santosh Kulkarni wrote:
> Hi all,
>
>
>
> Where can I get some pointers/examples on how to cache the
> authentication information so I do not have to go to the authentication
> server for every single request?
>
>
>
> A little background:
>
>
>
> I'm using apache-cxf and ws-security username token profile. The
> callback goes out and authenticates against a remote LDAP server.
>
> It's required to be a high volume service so looking for ways to avoid
> hitting the LDAP server for every request.
>
>
>
> Santosh
--
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog