Skip to content

Handle session persistence for cluster environments #4159

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
de-jcup opened this issue May 12, 2025 · 0 comments · Fixed by #4160
Closed

Handle session persistence for cluster environments #4159

de-jcup opened this issue May 12, 2025 · 0 comments · Fixed by #4160
Assignees
@de-jcup

Comments

@de-jcup
Copy link
Member

de-jcup commented May 12, 2025
edited
Loading

Situation

Currently we have only an InMemoryCache for opaque token handling which will automatically cleanup after some time.

This works well on a single instance ... but on cluster environments we can run into multiple problems (e.g. logout handling [destroy cache necessary for ALL instances], avoid potential race conditions etc. )

Wanted

We want a cluster ready solution - means the information shall be shared in all clustered environments.
But it shall not read always from database (to avoid performance issues).

Solution

We combine the existing InMemoryCache solution with a DB persistance part:

The logic shall be this way:

  1. In memory cache got a maximum time to live
  2. Default shall be appropriate - e.g. 10 seconds
  3. If in memory cache has no entry, the value shall be retrieved from database and cached in in memory cache
  4. If database has no entry, the entry shall be retrieved from IDP and stored in databasae

Remark: In #3891 after a sucessful logout the (on IDP) we will also remove the opaque token from cache.
@de-jcup de-jcup self-assigned this May 12, 2025
@de-jcup de-jcup changed the title Handle session perstance for cluster environments Handle session persistence for cluster environments May 12, 2025
de-jcup added a commit that referenced this issue May 12, 2025
@de-jcup
Renamed InMemoryCache to SelfCleaningCache #4159
0587392
de-jcup added a commit that referenced this issue May 12, 2025
@de-jcup
Intermediate commit #4159
87f089a 
- introduced pre-cache
- refactored self cleaning cache
- added new fields
@de-jcup de-jcup mentioned this issue May 12, 2025
Merged
de-jcup added a commit that referenced this issue May 15, 2025
@de-jcup
Implementing cluster token caching #4159
a4b30ee 
- introduced pre-cache
- refactored self cleaning cache
- added new fields
- introduced builder
de-jcup added a commit that referenced this issue May 16, 2025
@de-jcup
Implementing cluster token caching #4159
a9f090a 
- introduced pre-cache
- refactored self cleaning cache
- added new fields
- introduced builder
- introduced OAuth2OpaqueTokenClusterCachePersistence
- added documentation
de-jcup added a commit that referenced this issue May 16, 2025
@de-jcup
Implementing cluster token caching #4159
0149c29 
- introduced pre-cache
- refactored self cleaning cache
- added new fields
- introduced builder
- introduced OAuth2OpaqueTokenClusterCachePersistence
- added documentation
de-jcup added a commit that referenced this issue May 21, 2025
@de-jcup
Implementing cluster token caching #4159
89501b7 
- introduced pre-cache
- refactored self cleaning cache
- added new fields
- introduced builder
- introduced OAuth2OpaqueTokenClusterCachePersistence
- added documentation
de-jcup added a commit that referenced this issue May 21, 2025
@de-jcup
Implementing cluster token caching #4159
064d705 
- introduced pre-cache
- refactored self cleaning cache
- added new fields
- introduced builder
- introduced OAuth2OpaqueTokenClusterCachePersistence
- added documentation
- introduced integration test + unit tests
de-jcup added a commit that referenced this issue May 22, 2025
@de-jcup
Implementing cluster token caching #4159
d2c054c 
- introduced pre-cache
- refactored self cleaning cache
- added new fields
- introduced builder
- introduced OAuth2OpaqueTokenClusterCachePersistence
- added documentation
- introduced integration test + unit tests
de-jcup added a commit that referenced this issue May 23, 2025
@de-jcup
Provide new helm chart parts for token cluster cache #4159
b82c060
de-jcup added a commit that referenced this issue May 23, 2025
@de-jcup
Some refactorings for cluster token cache handling + oauth2 #4159
45380e3 
- removed unnecessary consructors, where only for test, the test was
changed
  instead.
- introduced component to provide cryptoAccessprovider for
  opaque token introspection response, used this comonent inside
  selfcleaning cache instance, but also inside cluster token cache
  (when transforming database entities to cache data objects)
de-jcup added a commit that referenced this issue May 23, 2025
@de-jcup
Some refactorings for cluster token cache handling + oauth2 #4159
00f24ec 
- removed unnecessary consructors, where only for test, the test was
changed
  instead.
- introduced component to provide cryptoAccessprovider for
  opaque token introspection response, used this comonent inside
  selfcleaning cache instance, but also inside cluster token cache
  (when transforming database entities to cache data objects)
de-jcup added a commit that referenced this issue May 23, 2025
@de-jcup
Some refactorings for cluster token cache handling + oauth2 #4159
1611fc3 
- removed unnecessary consructors, where only for test, the test was
changed
  instead.
- introduced component to provide cryptoAccessprovider for
  opaque token introspection response, used this comonent inside
  selfcleaning cache instance, but also inside cluster token cache
  (when transforming database entities to cache data objects)
de-jcup added a commit that referenced this issue May 23, 2025
@de-jcup
Some refactorings for cluster token cache handling + oauth2 #4159
1ca5d21 
- removed unnecessary consructors, where only for test, the test was
changed
  instead.
- introduced component to provide cryptoAccessprovider for
  opaque token introspection response, used this comonent inside
  selfcleaning cache instance, but also inside cluster token cache
  (when transforming database entities to cache data objects)
de-jcup added a commit that referenced this issue May 23, 2025
@de-jcup
Some refactorings for cluster token cache handling + oauth2 #4159
66c50b3 
- removed unnecessary consructors, where only for test, the test was
changed
  instead.
- introduced component to provide cryptoAccessprovider for
  opaque token introspection response, used this comonent inside
  selfcleaning cache instance, but also inside cluster token cache
  (when transforming database entities to cache data objects)
@de-jcup de-jcup mentioned this issue May 23, 2025
Open
sven-dmlr added a commit that referenced this issue May 23, 2025
@sven-dmlr
increased version #4159
f233f42 
Due to PR #4187 version 2.11.0 was aready reached.
Set to 2.12.0
sven-dmlr added a commit that referenced this issue May 23, 2025
@sven-dmlr
alpabetically ordered #4159
c3fe704
de-jcup added a commit that referenced this issue May 26, 2025
@de-jcup
Review changes + fixed flaky unit test + License header #4159
8e5cdbd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@de-jcup de-jcup

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feature 4159 handle token cache in cluster mercedes-benz/sechub
1 participant
@de-jcup