The plug-in maintains an asset cache that keeps track of the unprotected URLs that have been accessed by all sessions. The asset cache is the first thing the plug-in checks when processing an HTTP request. If it finds the requested URL in the asset cache, the plug-in knows that the URL is not protected and does not perform the User authentication and Access authorization steps. This reduces the number of times the plug-in has to access the security EJBs that may be running on a remote host.
The asset cache uses a cache replacement policy. Whenever the cache is full and a new asset needs to be cached, the least recently used entry is removed from the cache. If a particular Web server handles many unprotected URLs, the plug-in should have a larger asset cache than a server that handles mostly protected URLs. This cache is synchronized with the ACDB through a TCP/IP connection between the plug-in and the Enterprise Security middleware. ACDB synchronization occurs whenever a URL asset changes in the ACDB.
The number of asset cache entries is configured via the UNPROTECTED_URL_CACHE_MAX_SIZE property in the plug-in configuration file SybSecurityPluginConfig.txt—see “Configuring the SybSecurityPluginConfig.txt file”.
