> We already applied the patch for CAS-782. The deadlock still occurs in 
> a clustered environment.

Thanks so much for taking the time to test the patch.  We are
clustered as well (least active routing), and did some pretty heavy
load testing using the JMeter test attached to CAS-782.  Problem was
resolved in our case.  Can you tell us more about your database
platform?  Locking semantics vary from platform to platform, and it'd
be good to know what you're using.

> The reason being that the CentralAuthenticationService itself deletes the 
> expired tickets and when a certain condition occurs (two users, each on a 
> different node in the cluster, have expired tickets), the 
> CentralAuthenticationService tries to delete from TICKETGRANTINGTICKET table 
> from each node which causes the deadlock.

The patch doesn't address locking scope of methods in
CentralAuthenticationServiceImpl.  What you are describing above
sounds similar, though, to the problem of the cleaner:  the scope of
transactions is too large to support high throughput on a ticket
registry backed by a database.  Maybe we need to look more broadly at
transaction scoping?

> It seems a bug that the CentralAuthenticationService has to delete those 
> tickets.

That is not a bug; when a client visits CAS with an expired TGT,
CentralAuthenticationService correctly will attempt to delete the TGT
and associated service tickets.  The cleaner process really exists to
deal with clients that come to CAS once to get a TGT or maybe a couple
STs, and then disappear without a trace.  For all other cases
CentralAuthenticationService cleans up after itself, which is by
design.

> Worst case, I think it should create a new ticket and ignore the expired one 
> (use an extra ''WHERE'' clause when checking for existing tickets?) and leave 
> it to the RegistryCleaner to actually delete the tickets.

Again, the pluggable ticket expiration policies make this difficult to
impossible.

Please keep us posted on your testing.  If you have suggestions or
insight on a more comprehensive fix, please share.  Anyone else with
suggestions or feedback based on testing, please speak up.

Thanks,
M
