Ticket #181 (new task)
Security: check performance
|Reported by:||bruno||Owned by:||bruno|
The typical usage scenario of Spring Security is that the SecurityContext? is stored in the session.
In Kauri, being stateless and all, we reconstruct the SecurityContext? upon each request. This also in case of form based auth, because we don't store the SecurityContext? in that case but only a pre auth token.
Maybe there is no problem at all, but we should verify.
Kauri's way of working actually brings the advantage that it easier to manage (invalidate) non-session based caching.