cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Ehcache is evicting Security Tokens that are already required
Date Fri, 21 Feb 2014 16:34:55 GMT
Hi Freddy,

Just for clarification, are you talking about the TokenStore on the client
or service side?

Colm.


On Wed, Feb 19, 2014 at 8:03 PM, Freddy Exposito <exposito@gmail.com> wrote:

> Hi All,
>
> We have a multi-thread application that uses several proxies (10 threads,
> each thread using one proxy object)  over one single endpoint. The
> EHCacheManagerHolder returns the CacheConfiguration based on the endpoint.
> As result of this, we have 10 threads/proxies making a lot of calls using
> the same TokenStore to keep  all the SecurityToken (for the
> SymmetricBindingHandler in our case).
>
> Once the store is full, EhCache starts evicting elements. As the default
> LRU
> ehcache algorithm takes 30 elements randomly and delete the Last Recently
> Used (LRU) of these 30 elements, it's happening to us often that a wrong
> element is evicted and the symmetric handling process fail because a
> required security token can not be find.
>
> I have tried with longer sizes (5000, 10000) for the TokenStore  and
> although less frequently,  still happens. Besides, using big size for the
> TokenStore consumes lot of memory as we are storing also SAML Tokens that
> are not small.
>
> Do you have any workaround for this issue? Do you think it might be better
> to have the TokenStore instance per proxy object instead of per endpoint?
>
> We know we can reference our own TokenStore implementation using the
> ws-security property but we are trying to use what comes by default.
>
> Thanks,
> Freddy
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Ehcache-is-evicting-Security-Tokens-that-are-already-required-tp5740191.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message