[ https://issues.apache.org/jira/browse/CXF-5420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned CXF-5420: ---------------------------------------- Assignee: Colm O hEigeartaigh > Issue with EhCacheTokenStore using default LRU. > ----------------------------------------------- > > Key: CXF-5420 > URL: https://issues.apache.org/jira/browse/CXF-5420 > Project: CXF > Issue Type: Bug > Affects Versions: 2.6.10, 2.7.7 > Reporter: Freddy Exposito > Assignee: Colm O hEigeartaigh > Priority: Minor > > HI All, > The Ehcache TokenStore implementation (org.apache.cxf.ws.security.tokenstore. > EHCacheTokenStore) is evicting wrong elements from the token store. It’s > happening very randomly in a heavy multi-thread application but at some point > is trying to get a DerivedKeyToken (added before sending request to the > server) that was evicted before the response was returned. > I actually see the issue in the Ehcache Element implementation > (http://jira.terracotta.org/jira/browse/EHC-1065) because the constructor of > class Element that the CXF EHCacheTokenStore implementation is using is not > setting ‘lastAccessTime’ in the constructor. As lastAccessTime is being zero > by default, all the DerivedKeyToken elements in the token store have > lastAccessTime=0 and there is a possibility that a wrong element is evicted > because the default ehcache LRU policy uses the ‘lastAccessTime’ to perform > eviction. > I reported the issue to EHcache already although I haven’t received answer > from them. In the meantime, would you consider to update EHCacheTokenStore to > use a more suitable Element constructor that allows setting ‘lastAccessTime’ > properly? > Thanks, -- This message was sent by Atlassian JIRA (v6.1#6144)