We are using AclPermissionCacheOptimizer for caching the authorised objects for sids in spring-security-core-3.1.3 version.
Now whenever we give access to new sid for a cached object, AclPermissionCacheOptimizer does not have the new sid for the cached object and hence the users with the new sid is not authorized to see this object (as this object is found in the cache, it does not load the data from db). I was thinking that spring security should clear this cache whenever a new sid is given access to cached object.
Here are the xml file looks like:
<bean id="permissionCacheOptimizer" class="org.springframework.security.acls.AclPermissionCacheOptimizer">
<constructor-arg ref="aclService"/>
</bean>
What are the options I have to fix this issue? Any idea?
