
dcache-frontend: caching of Subject not responsive to gPlazma config changes

Open alrossi opened this issue 6 years ago • 4 comments

There seems to be either a lag or total unresponsiveness to changes in the gPlazma configuration with regard to the Subject used to authenticate the user in the frontend.

This can be reproduced as follows:

  1. comment out your DN in the mapping file(s) used with gPlazma
  2. log in fresh to frontend. You should appear as an anonymous user
  3. now restore the DN to the mapping
  4. log in again. Frontend does not pick up the change.

Only a restart of frontend restores you to your original identity.

gPlazma does not work this way. Its information is (in theory) always up to date.

We need to find a way to avoid stale user information in the frontend.

alrossi, Nov 01 '18 13:11

This issue still persists (tested against master 8.2 snapshot: master@8370c107d6f89bcca8bfc62f6992348c9d5f8a05)

alrossi, Jun 08 '22 15:06

I guess the issue is related to caching of user logins on the frontend side:


```xml
<bean id="cache-login-strategy" class="org.dcache.auth.CachingLoginStrategy">
    <description>Processes mapping requests</description>
    <constructor-arg index="0" ref="login-strategy" />
    <constructor-arg index="1" value="${frontend.service.gplazma.cache.size}" />
    <constructor-arg index="2" value="${frontend.service.gplazma.cache.timeout}" />
    <constructor-arg index="3" value="${frontend.service.gplazma.cache.timeout.unit}" />
</bean>
```

The default value for cache validity is 10 minutes:

```properties
# cache entry maximal lifetime
frontend.service.gplazma.cache.timeout = 10

# Time unit used for timeout.
#
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
frontend.service.gplazma.cache.timeout.unit = MINUTES
```

The cache can be forced by the login clear cache command in the admin interface of frontend.

kofemann, Jul 14 '22 07:07

Yes. This is a common problem with all doors that cache login information. The results of any change in gPlazma configuration are not seen immediately.

paulmillar, Jul 14 '22 09:07

Well, in most environments propagation of configuration updates takes some time. The question is whether we can allow ourselves to wait 10 minutes, or whether immediate updates are worth the complexity of the changes.

kofemann, Jul 15 '22 14:07
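A model of the behaviour discussed in this thread, added here as an illustration and not taken from the thread or from dCache's code: a login cache with a fixed entry lifetime, next to a variant that also discards entries when a configuration generation changes. `CachingLogin`, `reproduce`, the generation counter and the sample DN are hypothetical names and constructed values.

```python
import time
from typing import Callable, Dict, Tuple


class CachingLogin:
    """Toy stand-in for a login cache in front of an identity-mapping service."""

    def __init__(self, backend: Callable[[str], str], ttl: float,
                 clock: Callable[[], float] = time.monotonic,
                 generation: Callable[[], int] = lambda: 0):
        self._backend = backend        # stands in for the gPlazma lookup
        self._ttl = ttl                # seconds a cached result stays valid
        self._clock = clock
        self._generation = generation  # assumed signal, e.g. mapping-file mtime
        self._cache: Dict[str, Tuple[str, float, int]] = {}

    def login(self, dn: str) -> str:
        now, gen = self._clock(), self._generation()
        hit = self._cache.get(dn)
        # Refresh on miss, on expiry, or when the configuration generation moved.
        if hit is None or now >= hit[1] or hit[2] != gen:
            hit = (self._backend(dn), now + self._ttl, gen)
            self._cache[dn] = hit
        return hit[0]

    def clear(self) -> None:
        """Operator-triggered flush, analogous to an admin clear-cache command."""
        self._cache.clear()


def reproduce(ttl: float = 600.0):
    """Replay the issue's steps against a TTL-only and a generation-aware cache."""
    dn = "/DC=org/DC=example/CN=Alice"   # constructed sample DN
    mapping: Dict[str, str] = {}         # step 1: DN commented out of the mapping
    state = {"now": 0.0, "mtime": 1}

    def lookup(d: str) -> str:
        return mapping.get(d, "anonymous")

    ttl_only = CachingLogin(lookup, ttl, clock=lambda: state["now"])
    versioned = CachingLogin(lookup, ttl, clock=lambda: state["now"],
                             generation=lambda: state["mtime"])
    seen = [(ttl_only.login(dn), versioned.login(dn))]      # step 2: fresh login
    mapping[dn] = "alice"                                   # step 3: DN restored
    state["mtime"] += 1
    seen.append((ttl_only.login(dn), versioned.login(dn)))  # step 4: log in again
    state["now"] += ttl                                     # entry lifetime elapses
    seen.append((ttl_only.login(dn), versioned.login(dn)))
    return seen
```

In this model the stale window applies in both directions: an identity removed from the mapping also stays cached until the entry expires, the generation changes, or `clear()` is called.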