I figured so much. Can you guestamate how much work it is to upgrade to Spring Security 3.0.x? Is this almost a dropin replacement?
Arjan Seesing On Mon, May 3, 2010 at 19:04, Scott Battaglia-2 [via Jasig] < [email protected]<ml-node%[email protected]> > wrote: > I don't know how much help you'll get here. Acegi Security 1.0.6 is > extremely old (they are currently on Spring Security 3.0.x). > > > On Mon, May 3, 2010 at 11:16 AM, Arjan Seesing <[hidden > email]<http://user/SendEmail.jtp?type=node&node=2124259&i=0> > > wrote: > >> >> Hello, >> >> We implemented a CAS client in our web application. This application was >> setup with Acegi security in the past, so we used the acegi cas client >> (acegi-security-1.0.6.jar and the casclient.jar from yale.edu). With the >> example configurations it all works correctly. But when we went into >> production and the production server seems to be a lot slower with the CAS >> client than without. So much so that the server is so overloaded that >> people >> are not able to work. >> >> We reproduced the slowness in our test environment, but we're not able to >> pinpoint the cause of the slowdown. We used a profiler, but everything >> seems >> to be slower, not some call in the cas client code. >> >> Has anyone seen this happen before? >> Below is the cas part of the configuration, but it all seems very >> standard. >> >> <bean id="casProcessingFilter" >> class="org.acegisecurity.ui.cas.CasProcessingFilter"> >> <property name="authenticationManager"> >> <ref bean="authenticationManager" /> >> </property> >> <property name="authenticationFailureUrl" >> value="/casfailed.jsp"/> >> <property name="defaultTargetUrl" >> value="/faces/pages/start.xhtml"/> >> <property name="filterProcessesUrl" >> value="/j_acegi_cas_security_check" /> >> <property name="alwaysUseDefaultTargetUrl" value="false" /> >> </bean> >> >> <bean id="casProcessingFilterEntryPoint" >> class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint"> >> <property name="loginUrl"> >> <value>${sso.server.path}/login</value> >> </property> >> <property name="serviceProperties"> >> <ref bean="serviceProperties" /> >> </property> >> </bean> >> >> <bean id="exceptionTranslationFilter" >> class="org.acegisecurity.ui.ExceptionTranslationFilter"> >> <property name="authenticationEntryPoint"> >> <ref local="casProcessingFilterEntryPoint" /> >> </property> >> </bean> >> >> <bean id="serviceProperties" >> class="org.acegisecurity.ui.cas.ServiceProperties"> >> <property name="service"> >> >> <value>${context.server.path}/j_acegi_cas_security_check</value> >> </property> >> <property name="sendRenew"> >> <value>false</value> >> </property> >> </bean> >> >> <bean id="authenticationManager" >> class="org.acegisecurity.providers.ProviderManager"> >> <property name="providers"> >> <list> >> <ref bean="casAuthenticationProvider" /> >> <bean >> >> class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> >> <property name="key" >> value="_hubview_v3_"/> >> </bean> >> </list> >> </property> >> </bean> >> >> <bean id="casAuthenticationProvider" >> >> class="org.acegisecurity.providers.cas.CasAuthenticationProvider"> >> <property name="casAuthoritiesPopulator"> >> <ref bean="casAuthoritiesPopulator" /> >> </property> >> <property name="casProxyDecider"> >> <ref bean="casProxyDecider" /> >> </property> >> <property name="ticketValidator"> >> <ref bean="casProxyTicketValidator" /> >> </property> >> <property name="statelessTicketCache"> >> <ref bean="statelessTicketCache" /> >> </property> >> <property name="key"> >> >> <value>my_password_for_this_auth_provider_only</value> >> </property> >> </bean> >> >> <bean id="casProxyTicketValidator" >> >> >> class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator"> >> <property name="casValidate"> >> <value>${sso.server.path}/proxyValidate</value> >> </property> >> <!-- property name="proxyCallbackUrl"> >> <value> >> https://localhost:8443/contacts-cas/casProxy/receptor</value> >> </property--> >> <property name="serviceProperties"> >> <ref bean="serviceProperties" /> >> </property> >> <!--property >> >> name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property--> >> </bean> >> >> <bean id="cacheManager" >> >> class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"> >> <property name="configLocation"> >> <value>classpath:/ehcache.xml</value> >> </property> >> </bean> >> >> <bean id="ticketCacheBackend" >> class="org.springframework.cache.ehcache.EhCacheFactoryBean"> >> <property name="cacheManager"> >> <ref local="cacheManager" /> >> </property> >> <property name="cacheName"> >> <value>ticketCache</value> >> </property> >> </bean> >> >> <bean id="statelessTicketCache" >> >> class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache"> >> <property name="cache"> >> <ref local="ticketCacheBackend" /> >> </property> >> </bean> >> >> <bean id="casAuthoritiesPopulator" >> >> >> class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator"> >> <property name="userDetailsService"> >> <ref bean="acegiSecurityService" /> >> </property> >> </bean> >> >> <bean id="casProxyDecider" >> >> class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets" /> >> >> Regards, >> >> Arjan Seesing >> -- >> View this message in context: >> http://jasig.275507.n4.nabble.com/CAS-Acegi-client-seems-to-make-the-application-a-lot-slower-tp2124112p2124112.html >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> -- >> You are currently subscribed to [hidden >> email]<http://user/SendEmail.jtp?type=node&node=2124259&i=1>as: [hidden >> email] <http://user/SendEmail.jtp?type=node&node=2124259&i=2> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [hidden email] > <http://user/SendEmail.jtp?type=node&node=2124259&i=3> as: [hidden email] > <http://user/SendEmail.jtp?type=node&node=2124259&i=4> > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > ------------------------------ > View message @ > http://jasig.275507.n4.nabble.com/CAS-Acegi-client-seems-to-make-the-application-a-lot-slower-tp2124112p2124259.html > To unsubscribe from CAS Acegi client seems to make the application a lot > slower, click here< (link removed) ==>. > > > -- View this message in context: http://jasig.275507.n4.nabble.com/CAS-Acegi-client-seems-to-make-the-application-a-lot-slower-tp2124112p2125375.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
