Caching of LDAP login credentials not working when using JBoss ESB in SOA-P 5.3.1
Issue
We're using org.jboss.security.auth.spi.LdapExtLoginModule to authenticate/authorise users against LDAP. When running a trace on this, the logs seem to indicate that it always makes a call to LDAP.
JBoss SOA-P reconnects to the LDAP every time the same user logs in.
This issue is not seen when the customer is logging in using a simple web application directly, without using JBoss ESB, in SOA-P 5.
The problem can easily be reproduced with the security_basic quickstart. If I enable TRACE level logging for the 'org.jboss.security' package, and invoke 'ant sendesb' a few times, I can see that the login module is validating the user on each request:
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) initialize
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) Security domain: jbossesb
...
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) User 'esbuser' authenticated, loginOk=true
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) commit, loginOk=true
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) Checking user: esbuser, roles string: esbrole
The expectation is that the principal would be obtained from cache instead.
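The check described above can be automated. The following is an added example, not part of the original article or of the JBoss code base: a Python script that counts how often a login module completed a full authentication per user in TRACE output laid out like the lines quoted above. The sample log and the user name 'otheruser' are constructed, and the message layout is assumed to match the quoted trace.

```python
import re
from collections import Counter

# Matches JBoss security TRACE lines in the layout quoted above; a timestamp
# prefix, if present, is ignored because the pattern is searched, not anchored.
LINE = re.compile(r"TRACE \[org\.jboss\.security\.auth\.spi\.(?P<module>\w+)\] "
                  r"\((?P<thread>[^)]+)\) (?P<msg>.*)$")
DOMAIN = re.compile(r"Security domain: (\S+)")
AUTH = re.compile(r"User '([^']+)' authenticated, loginOk=true")

def count_logins(log_text):
    """Count successful login-module runs per (module, security domain, user)."""
    current_domain = {}          # (module, thread) -> domain seen since 'initialize'
    logins = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue             # "..." elisions and unrelated lines
        key = (m["module"], m["thread"])
        msg = m["msg"]
        if msg == "initialize":
            current_domain[key] = "unknown"
        elif (d := DOMAIN.match(msg)):
            current_domain[key] = d.group(1)
        elif (a := AUTH.match(msg)):
            logins[(m["module"], current_domain.get(key, "unknown"), a.group(1))] += 1
    return logins

def repeated_logins(log_text):
    """Users whose credentials were validated by the login module more than once."""
    return {k: n for k, n in count_logins(log_text).items() if n > 1}

# Constructed sample: three requests, modelled on the trace quoted above.
_P = "TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-{t}) "
def _request(thread, user):
    p = _P.format(t=thread)
    return "\n".join([p + "initialize", p + "Security domain: jbossesb",
                      p + f"User '{user}' authenticated, loginOk=true",
                      p + "commit, loginOk=true"])

SAMPLE = "\n".join([_request(1, "esbuser"), "...", _request(1, "esbuser"),
                    _request(2, "otheruser")])

if __name__ == "__main__":
    for (module, domain, user), n in repeated_logins(SAMPLE).items():
        print(f"{user}@{domain}: {module} ran {n} times")
```

A repeat can also be legitimate once a cached entry has expired, so compare the counts against the timing of the requests.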
Environment
JBoss SOA Platform (SOA-P) 5.3.1