> I've noticed that in some cases the CentralAuthenticationService deletes the > TGTs from the ticket registry. As does the RegistryCleaner. > This caused some problems when we switched from the DefaultTicketRegistry to > JpaTicketRegistry: the delete locks the whole table and, if two deletes > happen simultaneously, a deadlock can occur. This manifests specifically when > running CAS in clustered environment.
We have documented this behavior in http://www.ja-sig.org/issues/browse/CAS-782 and have provided a patch that for us resolves the deadlocks. I believe some pressure from the community to address this issue would help move along a resolution. > Is this a bug? I would call it a bug, but I believe there's some debate about whether it's a bug or a performance problem. In our case, the deadlocks locked the _entire_ TicketGrantingTicketImpl table, preventing a denial of service condition on authentication. Clearly it's a bug in that case. > I would think that the CentralAuthenticationService should just mark expired > tickets but then the RegistryCleaner would delete them. A "DELETE FROM TicketGrantingTicketImpl WHERE Expired=true" solution would be ideal, but due to the nature of pluggable ticket expiration policies, such as solution isn't possible in CAS 3.x. I suppose I should qualify that statement; a _clean_ solution isn't possible. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
