Details
-
Sub-task
-
Resolution: Fixed
-
P4
-
None
Description
This defines the frequency for checking native reference during non-busy period, The PKCS11 guide needs updating to highlight 3 new configuration attributes (see below) for the SunPKCS11 Provider. Suggested text below:
Attribute: destroyTokenAfterLogout
Value: Boolean value, default: false
Description: If set to true, when `java.security.AuthProvider.logout()` is called upon the SunPKCS11 provider instance, the underlying Token object will be destroyed and resources will be freed. This essentially renders the SunPKCS11 provider instance unusable after logout() calls. Note that PKCS11 provider with this attribute set to true should not be added to system provider list since the provider object is not usable after logout() is called.
Attribute: cleaner.shortInterval
Value: Integer in milliseconds, default 2000. The value must be at least 1000 ms.
Description: How often should native reference clearing be performed during busy period, i.e. the frequency that the cleaner thread processes the no-longer-needed native references in the queue to free up native memory. Note that cleaner thread will switch itself to the 'longInterval' frequency after 200 failed tries, i.e. no references found in the queue.
Attribute: cleaner.longInterval
Value: Integer in milliseconds, default 60000. The value must be at least 1000 ms.
Description: How often should cleaner thread check for native references during non-busy period, i.e. the frequency that the cleaner thread checks the queue for native references. Note that the cleaner thread will switch back to the 'shortInterval' value if native PKCS11 references for cleaning are detected.
Attribute: destroyTokenAfterLogout
Value: Boolean value, default: false
Description: If set to true, when `java.security.AuthProvider.logout()` is called upon the SunPKCS11 provider instance, the underlying Token object will be destroyed and resources will be freed. This essentially renders the SunPKCS11 provider instance unusable after logout() calls. Note that PKCS11 provider with this attribute set to true should not be added to system provider list since the provider object is not usable after logout() is called.
Attribute: cleaner.shortInterval
Value: Integer in milliseconds, default 2000. The value must be at least 1000 ms.
Description: How often should native reference clearing be performed during busy period, i.e. the frequency that the cleaner thread processes the no-longer-needed native references in the queue to free up native memory. Note that cleaner thread will switch itself to the 'longInterval' frequency after 200 failed tries, i.e. no references found in the queue.
Attribute: cleaner.longInterval
Value: Integer in milliseconds, default 60000. The value must be at least 1000 ms.
Description: How often should cleaner thread check for native references during non-busy period, i.e. the frequency that the cleaner thread checks the queue for native references. Note that the cleaner thread will switch back to the 'shortInterval' value if native PKCS11 references for cleaning are detected.