cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bcampolo <>
Subject 2.7.8 Possible memory leak with IssuedToken Interceptor storing tokens in MemoryTokenStore
Date Wed, 26 Feb 2014 21:46:58 GMT
The system we have setup is using CXF 2.7.8 on the server side using SAML
token validation.  I'm not sure what is meant to happen, but it appears that
IssuedTokenInInterceptor is storing tokens in MemoryTokenStore, but then the
MemoryTokenStore remove, getToken, and getTokenIdentifier are never called
leading to the MemoryTokenStore caching all tokens indefinitely, eventually
running out of memory.  We did not have this problem previously using 2.4.9
because it appears that in that version a single token was just added to the
message context and not to a TokenStore and eventually discarded with the

I don't see this as a reported bug in Jira so I think that I may have some
configuration missing?

Also, just for reference, I don't see where the token is ever retrieved from
the cache on the server side.  Is this only meant for other Interceptors in
the chain to retrieve the token?

View this message in context:
Sent from the cxf-dev mailing list archive at

View raw message