[OPENAM-14838] Trusted JWT issuer cache is refreshed inefficiently affecting other lookups Created: 29/Apr/19 Updated: 25/Jun/20
|Reporter:||Peter Major [X] (Inactive)||Assignee:||Unassigned|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
The identity cache in IdentityUtils utilizes:
which in JavaDoc quite clearly states:
The #reload method is not implemented in AMIdentitySearchCacheLoader, which means that unrelated read write operations can take significantly longer (especially because of OPENAM-14834).
No exact steps for this one, probably just run a performance test with JWT bearer grant using many trusted JWT issuers in a single realm.
Either #reload is implemented, or we don't use refreshAfterWrite
refreshAfterWrite is used (unclear why it was needed), without asynchronous reload implementation.
We should investigate whether this cache is really helpful, and if we could implement performant lookups differently.