LDAP API call cache

A call to the method ISecurityContext.findRole(...) will result in a query to the system database, because the roles are stored there, so no query to the external security system (LDAP) is needed.

The first call to the methode IWorkflowSession.hasRole(IRole, Boolean) could results in a query to the external security system (LDAP). Latest all following calls within 5 minutes will use the cache of the first call, independent of the parameter.

In fact the cache is initialized/handled by the method IUser.getRoles(), which is called internally by the method IWorkflowSession.hasRole(IRole, Boolean). The method IUser.getRoles() caches the result for 10 seconds on the user-instance (this means, further calls within 10 seconds on the same instance will return the cached result. The method ISecurityContext.findUser(...) will always return a new instance.). However, if the method is called on the current logged-in user the result is cached on the session and has therefore a timeout of 5 minutes.

In 4.3 only the cache for the current logged-in user exists. The ‘10 second cache’ on any user-instance was introduced with 5.0.15.

UPDATE: A code example for clarification:

IRole.getUsers() / IRole.getAllUsers() is NEVER cached

IRole role = ISecurityContext.findRole("RoleA"); // only access to system db
role.getUsers(); // first call not cached
role.getUsers(); // subsequent calls not cached

Cache of IUser.getRoles() / IUser.getAllRoles()

ISecuritySession.findUser("Max").getRoles(); // NOT cached
ISecuritySession.findUser("Max").getRoles(); // NOT cached, because findUser() returns a new instance

IUser user = IWorflowSession.findUser("Max"); // if user is not already synchronized, it will be looked up in the LDAP.
user.getRoles(); // first call NOT cached
user.getRoles(); // subsequent calls are cached, because called on the same instance