Hi there, 

The following validation is new in CAS6.x:

OIDC endpoint: cas/oidc/token (request access token using authCode)
OAuth20AuthorizationCodeGrantTypeTokenRequestValidator

The log says it all: if the authCode is expired, it will attempt to revoke all
access tokens issued to the authCode (new to CAS6). However, it does so by
querying the entire registry: getTicketRegistry().getTickets()

    @Override
    protected boolean validateInternal(final WebContext context, final String grantType,
                                       final ProfileManager manager, final UserProfile uProfile) {
 .......................................
        if (valid) {
            val token = getConfigurationContext().getTicketRegistry().getTicket(code.get(), OAuth20Code.class);
            if (token == null || token.isExpired()) {
                LOGGER.debug("Code [{}] is invalid or expired. Attempting to revoke access tokens issued to the code", code.get());
                val accessTokensByCode = getConfigurationContext().getTicketRegistry().getTickets(ticket ->
                    ticket instanceof OAuth20AccessToken
                        && StringUtils.equalsIgnoreCase(((OAuth20AccessToken) ticket).getToken(), code.get()));
                accessTokensByCode.forEach(ticket -> {
                    LOGGER.debug("Removing access token [{}] issued via expired/unknown code [{}]", ticket.getId(), code.get());
                    getConfigurationContext().getTicketRegistry().deleteTicket(ticket);
                });

                LOGGER.warn("Request OAuth code [{}] is not found or has expired", code.get());
                return false;
            }
...............................

This is the CAS HazelcastTicketRegistry code. Note: this.ticketCatalog.findAll()

    @Override
    public Collection<? extends Ticket> getTickets() {
        return this.ticketCatalog.findAll()
            .stream()
            .map(metadata -> getTicketMapInstanceByMetadata(metadata).values())
            .flatMap(tickets -> {
                if (pageSize > 0) {
                    return tickets.stream().limit(pageSize).collect(Collectors.toList()).stream();
                }
                return new ArrayList<>(tickets).stream();
            })
            .map(this::decodeTicket)
            .collect(Collectors.toSet());
    }

Would not that be a performance issue?

Yan
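
The cost pattern asked about above, as an added example (not CAS code and not part of the original message): a toy in-memory registry counts how many tickets a single token request with an expired code has to decode under a full scan versus a lookup keyed by the authorization code. The names `ToyRegistry`, `scanByCode` and `lookupByCode` are hypothetical, and the secondary index is an assumption made for comparison, not something the message says CAS provides.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

public class RegistryScanCost {
    // Hypothetical stand-in for an access token that records the code it was issued for.
    record AccessToken(String id, String code) {}

    static class ToyRegistry {
        private final Map<String, AccessToken> tickets = new HashMap<>();
        private final Map<String, List<String>> idsByCode = new HashMap<>(); // assumed secondary index
        long decoded = 0; // number of tickets materialised/decoded so far

        void add(AccessToken t) {
            tickets.put(t.id(), t);
            idsByCode.computeIfAbsent(t.code(), k -> new ArrayList<>()).add(t.id());
        }

        // Same shape as getTickets(predicate): every stored ticket is decoded, then filtered.
        List<AccessToken> scanByCode(String code) {
            return tickets.values().stream()
                .peek(t -> decoded++)
                .filter(t -> t.code().equalsIgnoreCase(code))
                .collect(Collectors.toList());
        }

        // Comparison case: only tickets recorded under the code are touched.
        List<AccessToken> lookupByCode(String code) {
            return idsByCode.getOrDefault(code, List.of()).stream()
                .map(tickets::get)
                .peek(t -> decoded++)
                .collect(Collectors.toList());
        }
    }

    public static void main(String[] args) {
        ToyRegistry registry = new ToyRegistry();
        for (int i = 0; i < 100_000; i++) { // constructed sample data: two tokens per code
            registry.add(new AccessToken("AT-" + i, "OC-" + (i / 2)));
        }
        int scanHits = registry.scanByCode("OC-42").size();
        long scanCost = registry.decoded;
        registry.decoded = 0;
        int indexHits = registry.lookupByCode("OC-42").size();
        System.out.printf("scan: %d hits, %d decoded; index: %d hits, %d decoded%n",
            scanHits, scanCost, indexHits, registry.decoded);
    }
}
```

The scan's decode count grows with the total number of tickets in the registry on every request that presents an expired or unknown code, while the keyed lookup only touches the tokens recorded for that code.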
