[cas-dev] Mutable user Attributes

[dale77]

Here's what we have done.

We have written our own authentication handler which authenticates our user
against the backend and retrieves their attributes in one web service call.
This handler stores the attributes in a static ConcurrentHashmap, keyed on
netid. This hashmap becomes the single point of attribute storage for all
principals.

We have written our own Attribute repository that pulls the users attributes
from the static ConcurrentHashmap.

We have written our own Principal that rather than storing a copy of the
attributes, it returns a copy of the attributes from the ConcurrentHashMap

We have added a page to cas that when requested will refresh the attributes
in the ConcurrentHashmap for a given net_id, this is called by client
applications if they modify the backend attributes.

So, in the normal case attribute retrieval is more expensive in that a
Hashmap.get is always involved. But we only retrieve fresh credentials when
a) a user logs in or b) an application tells us something has changed.

Please let us know if you see a better way...


scott_battaglia wrote:
> 
> Dale,
> 
> I've considered looking into doing something like what you are
> considering.
> It would require another implementation of an AttributePrincipal where the
> getAttribute was backed by the PersonAttributeDao.  Its not difficult to
> do
> but it comes down to a one thing:
> 
> How to retrieve the attributes in a timely manner?
> *  On demand (not very efficient for a large number of attributes but okay
> for one or two)
> * Cached / Grouped retrieval (requires timeouts, timer threads, etc.).
> 
> Its definitely possible.  Its a matter of how best we want to do it.  If
> we
> came up with a good way I would make it the default in CAS.
> 
> -Scott
> 

-- 
View this message in context: http://www.nabble.com/Mutable-user-Attributes-tp15885364p16021087.html
Sent from the CAS Dev mailing list archive at Nabble.com.