We are running cas 3.5.2.1 with ehcache 2.6.0.
I have created a custom ticket expiration listener (implements
net.sf.ehcache.event.CacheEventListener) to 1) prevent tickets from
expiring if user selects 'remember me' and 2) send logout to services
when ticket expires.
Testing in development and preprod environments shows this solution
works. However in production we have experienced runaway tomcat thread
creation which quickly leads to tomcat becoming unresponsive.
At the logging level we have in production, there is no indication of
the [source of the] problem. We believe the problem is triggered by the
custom listener when it updates the remote caches, perhaps a race condition.
So the question: is this the way to mange ticket expiration when using
ehcache with cas or is there a another option?
Ray
P.S. below is the custom code. The only working method is
notifyElementExpired. If the user has selected 'remember me' and the max
lifetime has not been reached then put the ticket back in the cache
otherwise tell TGT to logout of services.
package ca.uvic.idm.cas.ehcache.event;
import net.sf.ehcache.event.CacheEventListener;
import net.sf.ehcache.Ehcache;
import net.sf.ehcache.Element;
import org.jasig.cas.ticket.TicketGrantingTicketImpl;
import org.jasig.cas.ticket.ExpirationPolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class TicketExpirationListener implements CacheEventListener {
private final Logger log = LoggerFactory.getLogger(getClass());
private boolean logUserOutOfServices = true;
@Override
public Object clone() {
return new TicketExpirationListener();
}
@Override
public void dispose() {
}
@Override
public void notifyElementEvicted(Ehcache cache, Element element) {
}
@Override
public void notifyElementExpired(Ehcache cache, Element element) {
log.debug("notifyElementExpired " + cache.getGuid());
log.trace("notifyElementExpired: [cache: " + cache + "; element:
" + element + "]");
Object ticket = element.getObjectValue();
if (ticket instanceof TicketGrantingTicketImpl) {
TicketGrantingTicketImpl tgt = (TicketGrantingTicketImpl)ticket;
if (tgt.isExpired()) {
if (logUserOutOfServices) {
// expire ticket to initiate logout request
tgt.expire();
}
// evict this ticket from other caches
// rather than waiting for them to do it in 30 to 90 s
cache.remove(tgt.getId());
} else {
log.debug("ticket not expired in cas:");
// reset statistics
// put in this cache, update in remote caches
cache.put(element, false);
}
}
}
@Override
public void notifyElementPut(Ehcache cache, Element element) {
}
@Override
public void notifyElementRemoved(Ehcache cache, Element element) {
}
@Override
public void notifyElementUpdated(Ehcache cache, Element element) {
}
@Override
public void notifyRemoveAll(Ehcache cache) {
}
/**
* Whether to log user out of services when a ticket expires.
* Default is true. Set to false to disable.
* @param logUserOutOfServices whether to log user out of services
or not.
*/
public void setLogUserOutOfServices(final boolean
logUserOutOfServices) {
this.logUserOutOfServices = logUserOutOfServices;
}
}
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/64c0bef8-ecf2-d4d0-721c-97ea34ea6ff5%40uvic.ca.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
