[cas-user] SAML expired Metadata delete does not work for CIFS K8S PVC

Mon, 03 Nov 2025 06:21:05 -0800 

We’re storing SAML Metadata in a K8S PVC which is CIFS backed (Azure).

UrlResourceMetadataResolver.cleanUpExpiredBackupMetadataFilesFor() fails, 
because the used FileUtils::forceDelete performs a PathUtils.deleteFile() with 
StandardDeleteOption.OVERRIDE_READ_ONLY, which is not supported on CIFS PVCs.

This underlying PathUtils code fails:

if (overrideReadOnly(deleteOptions) && exists) {
            setReadOnly(file, false, linkOptions);
}

Also, as Unchecked.consumer(FileUtils::forceDelete)) is used, the underlying 
exception is suppressed, which makes it hard to find the culprit.

Caused by: java.nio.file.FileSystemException: 
/shared/cas/saml/metadata-backups/e85c6203e36abf9bf4a0a912e198ead31a95584a.xml: 
Operation not supported
        at sun.nio.fs.UnixException.translateToIOException(Unknown Source) 
~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source) ~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source) ~[?:?]
        at sun.nio.fs.LinuxDosFileAttributeView.updateDosAttribute(Unknown 
Source) ~[?:?]
        at sun.nio.fs.LinuxDosFileAttributeView.setReadOnly(Unknown Source) 
~[?:?]
        at org.apache.commons.io.file.PathUtils.setReadOnly(PathUtils.java:914) 
~[commons-io-2.11.0.jar:2.11.0]
        at org.apache.commons.io.file.PathUtils.deleteFile(PathUtils.java:485) 
~[commons-io-2.11.0.jar:2.11.0]
        at org.apache.commons.io.file.PathUtils.delete(PathUtils.java:392) 
~[commons-io-2.11.0.jar:2.11.0]
        at org.apache.commons.io.FileUtils.forceDelete(FileUtils.java:1341) 
~[commons-io-2.11.0.jar:2.11.0]



Using NIO Files.deleteIfExists() works without this problem. 

For now, we have extended UrlResourceMetadataResolver class.



See also: https://github.com/Azure/azure-storage-fuse/issues/1193





-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/B84F2A22-2927-4FDC-B27D-B9C88E5D73FF%40gmail.com.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to