Implementations should provide appropriate methods to set their cache parameters (e.g. time-to-live) and/or force removal of entities before their normal expiration. These are not part of the UserCache
interface contract because they vary depending on the type of caching system used (in-memory, disk, cluster, hybrid etc.).
Caching is generally only required in applications which do not maintain server-side state, such as remote clients or web services. The authentication credentials are then presented on each invocation and the overhead of accessing a database or other persistent storage mechanism to validate would be excessive. In this case, you would configure a cache to store the UserDetails information rather than loading it each time. @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider @author Ben Alex
|
|