Hi All, During performance testing of our CAS cluster the testers have been seeing "SocketException: Too many open files" as described at the end of this email.
CAS is configured with the FastBindLdapAuthenticationHandler. Is it possible to use a pooled context source with this configuration? When I wire the pooledContextSource (as described here: https://wiki.jasig.org/display/CASUM/LDAP) into the fast bind handler I see the following exception: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing [AnnotatedAction@6bd1f967 targetAction = [EvaluateAction@264d107e expression = authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext), resultExpression = [null]], attributes = map[[empty]]] in state 'realSubmit' of flow 'login' -- action execution attributes were 'map[[empty]]' at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:60) at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) at org.springframework.webflow.engine.State.enter(State.java:194) at org.springframework.webflow.engine.Transition.execute(Transition.java:227) .... Caused by: java.lang.UnsupportedOperationException: Not supported for this implementation at org.springframework.ldap.pool.factory.PoolingContextSource.getContext(PoolingContextSource.java:436) at org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(FastBindLdapAuthenticationHandler.java:32) at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:58) at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate_aroundBody2(AbstractPreAndPostProcessingAuthenticationHandler.java:72) at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate_aroundBody3$advice(AbstractPreAndPostProcessingAuthenticationHandler.java:44) at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:1) at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticateAndObtainPrincipal(AuthenticationManagerImpl.java:78) at org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate_aroundBody0(AbstractAuthenticationManager.java:41) at org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate_aroundBody1$advice(AbstractAuthenticationManager.java:44) ... at org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:1) Is the pooled context source only suitable for the Bind handler and not the Fast Bind handler? Thanks, Matt >From tester: When we introduce a large number of users (3500 ramped in over around 30 minutes) to our 4 server CAS estate we are observing very high thread usage in each of the 4 Tomcat containers. In each of the Tomcat containers we are seeing a thread being held open for each user authentication. I have attached a sample thread trace below: Name: Thread-3219 State: RUNNABLE Total blocked: 0 Total waited: 0 Stack trace: java.net.SocketInputStream.socketRead0(Native Method) java.net.SocketInputStream.read(SocketInputStream.java:129) java.io.BufferedInputStream.fill(BufferedInputStream.java:218) java.io.BufferedInputStream.read1(BufferedInputStream.java:258) java.io.BufferedInputStream.read(BufferedInputStream.java:317) - locked java.io.BufferedInputStream@30b540c7 com.sun.jndi.ldap.Connection.run(Connection.java:805) java.lang.Thread.run(Thread.java:619) Once the number of threads reaches around 950 in each of the Tomcat containers the process runs out of open files as the current Linux limit on open files per process is 1024 (see below) $ ulimit -n 1024 2011/10/06 17:20:58.797 ERROR http-12080-Acceptor-0 JIoEndpoint - Socket accept failed java.net.SocketException: Too many open files at java.net.PlainSocketImpl.socketAccept(Native Method) at java.net.PlainSocketImpl.accept(PlainSocketImpl.java:384) at java.net.ServerSocket.implAccept(ServerSocket.java:453) at java.net.ServerSocket.accept(ServerSocket.java:421) at org.apache.tomcat.util.net.DefaultServerSocketFactory.acceptSocket(DefaultServerSocketFactory.java:61) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:352) at java.lang.Thread.run(Thread.java:619) We would like to implement connection pooling as a means of reducing the number of connections required for obvious performance reasons, however even without pooling we are surprised to see that the LDAP threads remain in process waiting on a socket read to LDAP, although we periodically observe (after approx 15 minutes) a large number of threads being released although this could be down to some form of application housekeeping or as a consequence of TCP Keepalives. Thanks, Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trade marks of British Sky Broadcasting Group plc and are used under licence. British Sky Broadcasting Limited (Registration No. 2906991), Sky Interactive Limited (Registration No. 3554332), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of British Sky Broadcasting Group plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
