Red Hat
Jun 19, 2017
by Tristan Tarrant
The implementation of cache authorization in Infinispan has traditionally followed the JAAS model of wrapping calls in a PrivilegedAction invoked through Subject.doAs(). This led to the following cumbersome pattern:


We also provided an implementation which, instead of relying on enabling the SecurityManager, could use a lighter and faster ThreadLocal for storing the Subject:


While this solves the performance issue, it still leads to unreadable code.
This is why, in Infinispan 9.1 we have introduced a new way to perform authorization on caches:


Obviously, for multiple invocations, you can hold on to the "impersonated" cache and reuse it:

We hope this will make your life simpler and your code more readable !
Original Post