Marvin,On your first question, registry cleanup is NOT a part of ticket expiration policy. That's separate and enforced even if you accumulated tickets from last month. The registry cleaner is needed to clean out expired tickets. If you took a look at the default registry cleaner you'd see that it checks if a ticket is expired before deleting it.
As for the previously reported issue, here is the thread: http://www.nabble.com/DefaultTicketRegistryCleaner---spikes-under-DB-load-td20200644.html#a20201093
So, if you want to write your own registry cleaner to keep everything within CAS, an idea I personally favor, then you can make one up from looking at DefaultTicketRegistryCleaner and instead of calling ticketRegistry.getTickets() within a transaction, retrieve a list of tickets with direct SQL. Then make up a new transactional method in which you can do ticketRegistry.getTicket(), check it with ticketRegistry.isExpired(), and if it is, call ticketRegistry.deleteTicket().
One of the key advantages with this approach is that you have a transaction around a single ticket/database row at a time. Keeping in mind that the cleaner doesn't need to run frequently, scanning the database one ticket at a time should not create any issues. It's a "background" job.
Does that help? Adam Marvin Addison wrote:
I'm having trouble accepting an out-of-band solution for cleaning up security data. This clean up is part of ticket expiration policy enforcement, right? If so it should clearly be handled by CAS. I'm still not clear whether the "previously reported issue" Adam mentioned is a performance problem or error condition such as Ryan reported. Can anyone provide any further information on this? We are planning on using JpaTicketRegistry for our upcoming deployment, thus my interest in the issue. Thanks, Marvin
begin:vcard fn:Adam Rybicki n:Rybicki;Adam org:Unicon, Inc.;Professional Services adr:Suite 113;;3140 North Arizona Avenue;Chandler;AZ;85225;United States email;internet:[email protected] tel;work:+1-480-558-2400 tel;home:+1-310-265-8286 tel;cell:+1-310-980-2758 x-mozilla-html:FALSE url:http://www.unicon.net/ version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
