MemCached StoragesService Compatibility

Manuel Haim haim at
Wed Jan 11 16:31:27 GMT 2012

Hi Esmeralda,

reading your $subject.toString() call, I think I now have found the
problem and a possible solution...

In, a is
added to the Subject by this line:


Though I said the X500Principal was serializable, it turns out that the
contained X500Name is marked transient and thus will not be stored
within Memcache (see [1]). Thus, your $subject.toString() fails or
returns an empty string when using Memcached.

To work around this issue, you would need to write a wrapper class (e.g.
MyX500Principal) which will store the principal name. Then modify and replace the
principals.add(cert.getSubjectX500Principal()); line by something like:


Also remember to edit the x500Principal attribute definition in your
attribute-resolver.xml (replace X500Principal("").getClass() with
something like myPackage.MyX500Principal("").getClass() ).

(the same may apply for a Kerberos login handler and, as there is also
transient data within)

A different approach would be to modify the Memcached StorageService and
provide a way to store the transient data in an extra field. (This is
already done with the publicCredentials, if
retainSubjectsPublicCredentials in your web.xml is set to true.) I may
have a look at this in a few weeks (being out of office just now).



More information about the users mailing list