Caching of LDAP login credentials not working when using JBoss ESB in SOA-P 5.3.1

Solution Verified - Updated -

Issue

We're using org.jboss.security.auth.spi.LdapExtLoginModule to authenticate/authorise users against LDAP. When running a trace on this, the logs seem to indicate that it always makes a call to LDAP.

JBoss SOA-P reconnects to the LDAP every time the same user logs in.

This issue is not seen when the customer is logging in using a simple web application directly, without using JBoss ESB, in SOA-P 5.

The problem can easily be reproduced with the security_basic quickstart. If I enable TRACE level logging for the 'org.jboss.security' package, and invoke 'ant sendesb' a few times, I can see that the login module is validating the user on each request:

TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) initialize
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) Security domain: jbossesb
...
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) User 'esbuser' authenticated, loginOk=true
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) commit, loginOk=true
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) Checking user: esbuser, roles string: esbrole

The expectation is that the principal would be obtained from cache instead.
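To confirm the behaviour from a log file rather than by eye, the following added example (not part of the original article and not Red Hat code) counts how often a login module in 'org.jboss.security.auth.spi' ran a full authentication for each user. It assumes the log layout shown in the TRACE excerpt above, optionally preceded by a timestamp; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Layout from the excerpt above: TRACE [category] (thread) message.
# search() is used so that a leading timestamp (assumed, not shown above) is tolerated.
LINE_RE = re.compile(
    r"\bTRACE\s+\[(?P<category>[^\]]+)\]\s+\((?P<thread>[^)]+)\)\s+(?P<msg>.*)$"
)
AUTH_RE = re.compile(r"^User '(?P<user>[^']*)' authenticated, loginOk=true$")
PACKAGE = "org.jboss.security.auth.spi."


def count_login_module_runs(lines):
    """Return (initialize count per module, authentications per (module, user))."""
    inits, auths = Counter(), Counter()
    for raw in lines:
        m = LINE_RE.search(raw.rstrip())
        if not m or not m.group("category").startswith(PACKAGE):
            continue
        module = m.group("category").rsplit(".", 1)[-1]
        msg = m.group("msg")
        if msg == "initialize":
            inits[module] += 1
        else:
            a = AUTH_RE.match(msg)
            if a:
                auths[(module, a.group("user"))] += 1
    return inits, auths


def repeated_logins(lines, threshold=1):
    """(module, user) pairs authenticated by the module more than `threshold` times."""
    _, auths = count_login_module_runs(lines)
    return {key: n for key, n in auths.items() if n > threshold}


# Constructed sample: three requests modelled on the excerpt above.
_CAT = "TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] "
_REQUEST = (
    _CAT + "({t}) initialize\n"
    + _CAT + "({t}) Security domain: jbossesb\n"
    + _CAT + "({t}) User 'esbuser' authenticated, loginOk=true\n"
    + _CAT + "({t}) commit, loginOk=true\n"
)
SAMPLE_LOG = "".join(
    _REQUEST.format(t=f"pool-26-thread-{i}") for i in (1, 2, 3)
).splitlines()

if __name__ == "__main__":
    for (module, user), n in repeated_logins(SAMPLE_LOG).items():
        print(f"{module}: '{user}' authenticated {n} times by the login module")
```

A count that grows with every request for the same user means the login module is being invoked each time instead of the principal being served from cache.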

Environment

JBoss SOA Platform (SOA-P) 5.3.1
