Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5420

Issue with EhCacheTokenStore using default LRU.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.10, 2.7.7
    • Fix Version/s: 2.6.12, 2.7.9
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Novice

      Description

      HI All,

      The Ehcache TokenStore implementation (org.apache.cxf.ws.security.tokenstore. EHCacheTokenStore) is evicting wrong elements from the token store. It’s happening very randomly in a heavy multi-thread application but at some point is trying to get a DerivedKeyToken (added before sending request to the server) that was evicted before the response was returned.
      I actually see the issue in the Ehcache Element implementation (http://jira.terracotta.org/jira/browse/EHC-1065) because the constructor of class Element that the CXF EHCacheTokenStore implementation is using is not setting ‘lastAccessTime’ in the constructor. As lastAccessTime is being zero by default, all the DerivedKeyToken elements in the token store have lastAccessTime=0 and there is a possibility that a wrong element is evicted because the default ehcache LRU policy uses the ‘lastAccessTime’ to perform eviction.

      I reported the issue to EHcache already although I haven’t received answer from them. In the meantime, would you consider to update EHCacheTokenStore to use a more suitable Element constructor that allows setting ‘lastAccessTime’ properly?

      Thanks,

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              freddy.exposito Freddy Exposito
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: