cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Freddy Exposito <>
Subject Ehcache is evicting Security Tokens that are already required
Date Wed, 19 Feb 2014 20:03:39 GMT
Hi All,

We have a multi-thread application that uses several proxies (10 threads,
each thread using one proxy object)  over one single endpoint. The
EHCacheManagerHolder returns the CacheConfiguration based on the endpoint.
As result of this, we have 10 threads/proxies making a lot of calls using
the same TokenStore to keep  all the SecurityToken (for the
SymmetricBindingHandler in our case). 

Once the store is full, EhCache starts evicting elements. As the default LRU
ehcache algorithm takes 30 elements randomly and delete the Last Recently
Used (LRU) of these 30 elements, it's happening to us often that a wrong
element is evicted and the symmetric handling process fail because a
required security token can not be find.

I have tried with longer sizes (5000, 10000) for the TokenStore  and
although less frequently,  still happens. Besides, using big size for the
TokenStore consumes lot of memory as we are storing also SAML Tokens that
are not small.

Do you have any workaround for this issue? Do you think it might be better
to have the TokenStore instance per proxy object instead of per endpoint?

We know we can reference our own TokenStore implementation using the
ws-security property but we are trying to use what comes by default.


View this message in context:
Sent from the cxf-dev mailing list archive at

View raw message