Can you determine what exactly is holding on to the memory? Also, how are you currently testing and determining the size? I.e. Load Test + YourKit, etc.
On Sun, Aug 8, 2010 at 2:34 PM, <[email protected]> wrote: > Yeah... Here is my code that puts the filter on a virtual chain if it > helps.... > public class AuthenticationFilter implements Filter { > private LogoutFilter logoutFilter; > private Properties properties; > private List<String> ignorePaths; > private CachedAuthenticationSecurity jbhLdapSecurity; > private List<Filter> normalFilterList = new ArrayList<Filter>(); > private List<Filter> failOverFilterList = new ArrayList<Filter>(); > private boolean hasInitErrors = false; > > public AuthenticationFilter() { > try { > properties = SharedUtils.getSSOProperties(); > if (properties == null) { > _log.error("Properties was null"); > } > } catch (Exception e) { > _log.error("exception", e); > } > } > > public AuthenticationFilter(Properties properties) { > this.properties = properties; > } > > public void init(FilterConfig filterConfig) throws ServletException > { > // This is called once at deploy time > _log.debug("AuthenticationFilter --> init the filter"); > try { > jbhLdapSecurity = new > CachedAuthenticationSecurity(); > initFilters(SharedUtils.initDynamicFilterConfig > (filterConfig)); > initFilterIgnorePaths(); > hasInitErrors = false; > } catch (Exception e) { > hasInitErrors = true; > _log.error("exception", e); > } > > } > > private boolean isWrapRequestEnabled() { > return properties.getProperty("app.filter.wrap.request", > "false") > .equalsIgnoreCase("true"); > } > > private void initFilters(FilterConfig filterConfig) throws > ServletException { > // Setup Dynamic Filter List fo CAS > CASAuthenticationFilter casFilter = new > CASAuthenticationFilter > (); > Cas20ProxyReceivingTicketValidationFilter valFilter = new > Cas20ProxyReceivingTicketValidationFilter(); > SingleSignOutFilter singleOutFilter = new > SingleSignOutFilter > (); > HttpServletRequestWrapperFilter wrapFilter = new > HttpServletRequestWrapperFilter(); > logoutFilter = new > com.jbhunt.biz.security.sso.filters.LogoutFilter(); > > try { > // Init the Filters we are using the same dynamic > filter > // config because they share alot of what they need > // We init wrapFilter first due we need it if the > others > fail > wrapFilter.init(filterConfig); > > //These will fail if the correct server settings are > not > found in the filterconfig > singleOutFilter.init(filterConfig); > valFilter.init(filterConfig); > casFilter.init(filterConfig); > logoutFilter.init(filterConfig); > } finally { > normalFilterList.add(singleOutFilter); > normalFilterList.add(casFilter); > normalFilterList.add(valFilter); > if (isWrapRequestEnabled()) { > normalFilterList.add(wrapFilter); > failOverFilterList.add(wrapFilter); > } > } > } > > private void initFilterIgnorePaths() { > String tmp = properties.getProperty > ("app.filter.css.ignore.paths", ""); > if (tmp.trim().length() != 0) { > this.ignorePaths = > Arrays.asList(tmp.toLowerCase().split > (",")); > } else { > this.ignorePaths = null; > } > > } > > public void doFilter(ServletRequest servletRequest, > ServletResponse servletResponse, FilterChain > filterChain) > throws IOException, ServletException { > _log.debug("AuthenticationFilter --> starting the filter"); > HttpServletRequest request = (HttpServletRequest) > servletRequest; > > String pathInfo = request.getRequestURL().toString(); > > _log.debug("PathInfo=" + pathInfo); > String logoutPath = properties.getProperty > ("app.filter.logout.path"); > String ssoPath = > properties.getProperty("app.filter.sso.path"); > _log.debug("SSO Path=" + ssoPath); > if (pathInfo.indexOf(logoutPath) != -1) { > logoutFilter.doFilter(servletRequest, > servletResponse, > filterChain); > } else if (pathInfo.indexOf(ssoPath) != -1) { > String host = new > String(servletRequest.getServerName()); > if (host.indexOf(".jbhunt.com") > -1) { > // If path is in ignore paths don't do > anything > if (ignorePaths != null) { > if > (ignorePaths.contains(pathInfo.toLowerCase > ())) { > > filterChain.doFilter(servletRequest, > servletResponse); > return; > } > } > > FilterChain fc; > if (SharedUtils.isSSOServerUp() && > hasInitErrors == > false) { > fc = new > VirtualFilterChain(normalFilterList, > filterChain); > } else { > fc = new VirtualFilterChain > (failOverFilterList, filterChain); > } > //Check to see if backup form data is > present > if > (SharedUtils.getFormUserName(servletRequest) == > null) { > //No Backup Form So Attempt Normal > if (SharedUtils.isAuthenticated > (servletRequest)) { > //CAS Assertion is present > so user is > authenticated > fc.doFilter(servletRequest, > servletResponse); > } else if (hasInitErrors > || !SharedUtils.isSSOServerUp()) { > //CAS Server is down or > there was a > problem with the init > if (hasInitErrors) { > > _log.warn("AuthenticationFilter > --> There are Init Errors"); > } else { > > _log.warn("AuthenticationFilter > --> CAS is down"); > } > //Send Backup Form > > sendLoginPage(servletRequest, > servletResponse); > return; > } else if > (SharedUtils.isSSOServerUp()) { > > _log.debug("AuthenticationFilter --> go > To SSO server"); > fc.doFilter(servletRequest, > servletResponse); > } else { > throw new ServletException( > "This > resource requires > Authentication"); > } > } else if (!SharedUtils.isAuthenticated > (servletRequest)) { > String userid = > SharedUtils.getFormUserName > (servletRequest); > String password = SharedUtils > > .getFormPassword(servletRequest); > _log.debug("j_username --> " + > userid); > try { > // This allows users to > login with > email address > if (userid.indexOf("@") > > -1) { > userid = > jbhLdapSecurity.getUIDfromEmail(userid); > } > if > (jbhLdapSecurity.LDAPauthenticate > (userid, > > CachedAuthenticationSecurity.encrypt(password))) { > SharedUtils > > .setSessionAllAuthenticatedAttributes( > > servletRequest, > > userid, > > JBConstants.USERID_SESSION_AUTH_SRC_FAILOVER); > if(userid != null){ > > LtpaUtil.setCookie(userid, > request, servletResponse); > } > > fc.doFilter(servletRequest, > servletResponse); > } else { > > sendLoginPage(servletRequest, > servletResponse, > > "Invalid login > attempt - Please make sure that CAPS lock is not turned on."); > return; > } > } catch (Exception e) { > String loginError = ""; > if > (e.getMessage().contains("error code > 49")) { > loginError = > "Invalid login > attempt - Please supply a valid username and password"; > } else { > loginError = "Error > logging in: " > + e.getMessage(); > > _log.error("exception", e); > } > > sendLoginPage(servletRequest, > servletResponse, > loginError); > return; > } > } else { > _log > > .debug("AuthenticationFilter --> > already Authenticated2"); > fc.doFilter(servletRequest, > servletResponse); > } > } else { > _log > .error("Someone tried to > login from a > domain other than JB Hunts (came from " > + host + > ")"); > > SharedUtils.sendInternalPage(servletResponse, > > JBConstants.INVALID_ATTEMPT_FORM_PAGE, > ""); > } > } else { > filterChain.doFilter(servletRequest, > servletResponse); > } > } > > protected void sendLoginPage(ServletRequest servletRequest, > ServletResponse servletResponse, String loginError) > throws IOException { > SharedUtils.sendInternalPage(servletResponse, > JBConstants.LOGIN_FORM_PAGE, loginError); > } > > protected void sendLoginPage(ServletRequest servletRequest, > ServletResponse servletResponse) throws IOException > { > sendLoginPage(servletRequest, servletResponse, ""); > > } > > public void destroy() { > > } > > private static Log _log = LogFactory > .getLog > (com.jbhunt.biz.security.sso.filters.AuthenticationFilter.class); > > private static class VirtualFilterChain implements FilterChain { > private List<Filter> additionalFilters; > private FilterChain originalFilterChain; > private int currentPosition = 0; > > private VirtualFilterChain(List<Filter> additionalFilters, > FilterChain originalFilterChain) { > this.additionalFilters = additionalFilters; > this.originalFilterChain = originalFilterChain; > } > > public void doFilter(ServletRequest request, ServletResponse > response) > throws IOException, ServletException { > if (currentPosition == additionalFilters.size()) { > originalFilterChain.doFilter(request, > response); > } else { > currentPosition++; > Filter nextFilter = additionalFilters.get > (currentPosition - 1); > nextFilter.doFilter(request, response, > this); > } > } > > } > > } > > Chris Whittle > SWAT Team Developer > J.B. Hunt Transport Services, Inc. > Office Phone:(479) 419-3122 > Ext:73122 > Fax Phone:(479) 820-1769 > [email protected] > (Embedded image moved to file: pic01999.gif)What's your next move?TM > Intermodal | Dedicated | Truckload | LTL | Delivery | Refrigerated | > Flatbed | Expedited > > > > Scott Battaglia > <scott.battaglia@ > gmail.com> To > [email protected] > 08/08/2010 01:38 cc > AM > Subject > Re: [cas-user] > Please respond to Cas20ProxyReceivingTicketValidation > [email protected] Filter taking up 130mb > sig.org > > > > > > > > > > Are you making sure the init method is called for the filter? It's what > starts the timer thread to clean out the storage. > > Sent from my iPod > > On Aug 7, 2010, at 22:11, [email protected] wrote: > > > > > LOL there isn;t.. the only thing different is that we are putting the > > filters on a virtual filter chain (similar to a sample spring > > implementation we saw but sans the spring).. Even though it sounds like a > > wonky deal it;s really not.... It's just one filter that calls a > virtual > > filter chain that contains SSOFilter,ValidationFilter, and > > AuthenticationFilter... This gives us the ability to have one filter > that > > is added to an application.... > > > > Chris Whittle > > SWAT Team Developer > > J.B. Hunt Transport Services, Inc. > > Office Phone:(479) 419-3122 > > Ext:73122 > > Fax Phone:(479) 820-1769 > > [email protected] > > (Embedded image moved to file: pic30191.gif)What's your next move?TM > > Intermodal | Dedicated | Truckload | LTL | Delivery | Refrigerated | > > Flatbed | Expedited > > > > > > > > Scott Battaglia > > > <scott.battaglia@ > > > gmail.com> > To > > > [email protected] > > > 08/07/2010 07:39 cc > > > PM > > > Subject > > > Re: [cas-user] > > > Please respond to Cas20ProxyReceivingTicketValidation > > [email protected] Filter taking up 130mb > > > sig.org > > > > > > > > > > > > > > > > > > > > > That'd be a heck of a lot of PGT/PGTIOU mappings... > > > > > > On Sat, Aug 7, 2010 at 3:14 PM, <[email protected]> wrote: > > > > I'm working on implementing CAS client and during our testing we are > > seeing the > > > org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter > > is holding on to 130MB of memory.... Any ideas? is this normal? > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > <pic30191.gif> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
