diff --git a/profiles/killbill/src/main/java/org/killbill/billing/server/security/KillbillJdbcTenantRealm.java b/profiles/killbill/src/main/java/org/killbill/billing/server/security/KillbillJdbcTenantRealm.java
index 85b17d9..20b2d7a 100644
--- a/profiles/killbill/src/main/java/org/killbill/billing/server/security/KillbillJdbcTenantRealm.java
+++ b/profiles/killbill/src/main/java/org/killbill/billing/server/security/KillbillJdbcTenantRealm.java
@@ -46,6 +46,10 @@ public class KillbillJdbcTenantRealm extends JdbcRealm {
this.dataSource = dataSource;
this.securityConfig = securityConfig;
+ // Note: we don't support updating tenants credentials via API
+ // See JavaDoc warning: https://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html
+ setAuthenticationCachingEnabled(true);
+
configureSecurity();
configureQueries();
configureDataSource();
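Review bot: The comment above the added `setAuthenticationCachingEnabled(true)` explains why stale entries are not expected, but not why the cached credentials are safe to hold, which is what the linked Shiro warning is mainly about as I read it. If `configureSecurity()` (its body is not visible in this hunk) installs a hashed credentials matcher, say so at the call, e.g. `// Safe to cache: tenant secrets are stored salted and hashed, never in plaintext`. It is also worth noting there that the flag only takes effect when a CacheManager is set on the realm. A secret changed or a tenant removed directly in the database stays accepted until the cache entry expires. The constructor starts and ends outside the hunk.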
diff --git a/util/src/main/java/org/killbill/billing/util/glue/IniRealmProvider.java b/util/src/main/java/org/killbill/billing/util/glue/IniRealmProvider.java
index 379e3b6..8e74e76 100644
--- a/util/src/main/java/org/killbill/billing/util/glue/IniRealmProvider.java
+++ b/util/src/main/java/org/killbill/billing/util/glue/IniRealmProvider.java
@@ -53,17 +53,26 @@ public class IniRealmProvider implements Provider<IniRealm> {
// by going through IniSecurityManagerFactory.
final DefaultSecurityManager securityManager = (DefaultSecurityManager) factory.getInstance();
final Collection<Realm> realms = securityManager.getRealms();
- if (realms == null || realms.isEmpty()) {
- return new IniRealm(securityConfig.getShiroResourcePath());
- }
- for (final Realm cur : realms) {
- if (cur instanceof IniRealm) {
- return (IniRealm) cur;
+ IniRealm iniRealm = null;
+ if (realms == null || realms.isEmpty()) {
+ iniRealm = new IniRealm(securityConfig.getShiroResourcePath());
+ } else {
+ for (final Realm cur : realms) {
+ if (cur instanceof IniRealm) {
+ iniRealm = (IniRealm) cur;
+ break;
+ }
}
}
- throw new ConfigurationException();
+ if (iniRealm != null) {
+ // See JavaDoc warning: https://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html
+ iniRealm.setAuthenticationCachingEnabled(true);
+ return iniRealm;
+ } else {
+ throw new ConfigurationException();
+ }
} catch (final ConfigurationException e) {
log.warn("Unable to configure RBAC", e);
return new IniRealm();
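Review bot: `iniRealm.setAuthenticationCachingEnabled(true)` is applied to whatever IniRealm the shiro.ini file yields, and INI-defined accounts hold plaintext passwords unless the file configures a hashed credentials matcher. The linked Javadoc advises against caching raw credentials unless the cache stays in memory and is not sent over an unprotected network, and nothing in this hunk establishes either. Since IniRealm already keeps its accounts in memory the gain is probably small, so consider leaving caching off here. Otherwise, state the precondition next to the call, e.g. `// Requires hashed passwords in shiro.ini: the cached AuthenticationInfo would otherwise hold raw credentials`. The enclosing try block starts outside the hunk, and the fallback `new IniRealm()` in the catch branch is left without caching.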
diff --git a/util/src/main/java/org/killbill/billing/util/security/shiro/realm/KillBillJdbcRealm.java b/util/src/main/java/org/killbill/billing/util/security/shiro/realm/KillBillJdbcRealm.java
index 380258b..87c8588 100644
--- a/util/src/main/java/org/killbill/billing/util/security/shiro/realm/KillBillJdbcRealm.java
+++ b/util/src/main/java/org/killbill/billing/util/security/shiro/realm/KillBillJdbcRealm.java
@@ -42,6 +42,10 @@ public class KillBillJdbcRealm extends JdbcRealm {
this.dataSource = dataSource;
this.securityConfig = securityConfig;
+ // TODO Enable when we add support for cache invalidation
+ // See JavaDoc warning: https://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html
+ //setAuthenticationCachingEnabled(true);
+
// Tweak JdbcRealm defaults
setPermissionsLookupEnabled(true);
setAuthenticationQuery(KILLBILL_SALTED_AUTHENTICATION_QUERY);