The OpenID Connect implementation and related beans are eagerly loaded even when not required. #328
Comments
|
I agree. I wondered about this too when reviewing the code. Some extensive testing didn't reveal any blocking issues here, but it would be good to look at it. Patching in the original developer: @jGauravGupta |
|
Within WildFly at the time of deployment we scan the annotations used in the deployment and if we detect EE security annotations we activate the Soteria EE security extension. One simple approach for us could be if the mechanisms were contained in their own extensions - depending on which annotations were encountered when scanning the deployment we could select which extensions could be enabled. But how do other server's perform their initialisation? Could they also select which Soteria extensions to enable based on the needs of the deployment or is it more common elsehwere to have the whole of Soteria active by default? |
It would be better to review how much needs to be eagerly loaded and how much can be deferred until deemed necessary for the deployment. Although identified due to the addition of OpenID Connect this should really apply to all beans to ensure resources are not being utilised unnecessarily.
The text was updated successfully, but these errors were encountered: