Caching of LDAP login credentials not working when using JBoss ESB in SOA-P 5.3.1

Solution Verified - Updated -

Issue

We're using org.jboss.security.auth.spi.LdapExtLoginModule to authenticate/authorise users against LDAP. When running a trace on this, the logs seem to indicate that it always makes a call to LDAP.

JBoss SOA-P reconnects to the LDAP every time the same user logs in.

This issue is not seen when the customer is logging in using a simple web application directly, without using JBoss ESB, in SOA-P 5.

The problem can easily be reproduced with the security_basic quickstart. If I enable TRACE level logging for the 'org.jboss.security' package, and invoke 'ant sendesb' a few times, I can see that the login module is validating the user on each request:

TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) initialize
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) Security domain: jbossesb
...
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) User 'esbuser' authenticated, loginOk=true
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) commit, loginOk=true
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) Checking user: esbuser, roles string: esbrole

The expectation is that the principal would be obtained from cache instead.
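
One way to confirm the behaviour from a TRACE log, as an added example that is not part of the original article: the Python script below counts how often a login module fully authenticated each user per security domain, using the line format shown above. The function names, the threshold parameter and the sample log (constructed from the lines above, repeated for three requests) are assumptions.

```python
import re
from collections import Counter

# Login-module TRACE lines in the format shown in this article.
# search() is used so a timestamp prefix in a real log is ignored.
LINE = re.compile(r"TRACE \[[\w.]+LoginModule\] \((?P<thread>[^)]+)\) (?P<msg>.*)")
DOMAIN = re.compile(r"Security domain: (?P<domain>\S+)")
AUTH_OK = re.compile(r"User '(?P<user>[^']+)' authenticated, loginOk=true")

def count_backend_logins(lines):
    """Count successful login-module runs per (security domain, user)."""
    domain_by_thread = {}  # thread -> domain from its latest initialize
    logins = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        d = DOMAIN.match(msg)
        if d:
            domain_by_thread[thread] = d["domain"]
            continue
        a = AUTH_OK.match(msg)
        if a:
            logins[(domain_by_thread.get(thread, "?"), a["user"])] += 1
    return logins

def uncached_users(lines, threshold=1):
    """Users authenticated by the module more than `threshold` times.

    With a working authentication cache, repeated requests from the same
    user should not reach the login module again until the entry expires.
    """
    return {k: n for k, n in count_backend_logins(lines).items() if n > threshold}

# Constructed sample: one request's TRACE lines, repeated for three requests.
ONE_REQUEST = """\
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) initialize
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) Security domain: jbossesb
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) User 'esbuser' authenticated, loginOk=true
TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (pool-26-thread-1) commit, loginOk=true
"""
SAMPLE_LOG = ONE_REQUEST * 3

if __name__ == "__main__":
    for (domain, user), n in uncached_users(SAMPLE_LOG.splitlines()).items():
        print(f"{domain}/{user}: login module ran {n} times")
```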

Environment

JBoss SOA Platform (SOA-P) 5.3.1
