+

Search Tips   |   Advanced Search

 

Distributed nonce cache

 

In previous releases of WAS, the nonce was cached locally. WAS Versions 6 and later use distributed nonce caching. The distributed nonce cache makes it possible to replicate nonce data among servers in a WAS cluster.

If nonce elements are in a SOAP header, all nonce values are cached by the server in the cluster. If the distributed nonce cache is enabled, the cached nonce values are copied to other servers in the same cluster. Then, if the message with the same nonce value is sent to (one of) other servers, the message is rejected. A received nonce cache value is cached and replicated in a push manner among other servers in the cluster with the same replication domain. The replication is an out-of-process call and, in some cases, is a remote call. Therefore, there is latency when the content of the cache in the cluster is updated. For example, you might have appserver A and appserver B in cluster C.

The distributed nonce caching feature uses the WAS data replication service (DRS). The data in the local cache is pushed to the cache in other servers in the same replication domain. The replication is an out-of-process call and, in some cases, is a remote call. Therefore, there is a possible delay in replication while the content of the cache in each appserver within the cluster is updated. The delay might be due to network traffic, network workload, machine workload, and so on.


 

Related concepts


Nonce, a randomly generated token
Web services security enhancements

 

Related tasks


Distributing nonce caching to servers in a cluster

 

Related Reference


Security considerations for Web services
Security considerations for Web services