Just a note, we have the EHCache solution and replicating in our production 
environment now.

Primarily worked from the path in the Jira 
https://issues.jasig.org/browse/CAS-816

There is one notable issue with the configuration provided. While the provided 
xml suggests TimeToLive values it does not suggest TimeToIdle value therefore 
he values get set to the defaults os 120 seconds.

You might want service tickets that only last 2 minutes but it's really not SSO 
when the TGT tickets only last 2 minutes. Another issue to note TimeToLive is 
the MAXIMUM life in seconds, even if the ticket is refreshed.

My ticketRegistry.xml config is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
           xmlns:aop="http://www.springframework.org/schema/aop";
       xmlns:p="http://www.springframework.org/schema/p";
       xmlns:ehcache="http://www.springmodules.org/schema/ehcache";
       xsi:schemaLocation="http://www.springframework.org/schema/beans 
           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
       http://www.springmodules.org/schema/ehcache 
           http://www.springmodules.org/schema/cache/springmodules-ehcache.xsd
       http://www.springframework.org/schema/aop 
           http://www.springframework.org/schema/aop/spring-aop.xsd";>

   <description>
      Configuration for the EH Cache TicketRegistry which stores the tickets in 
a distributed EH Cache and cleans them out as
      specified intervals.
   </description>

   <bean id="cacheManager" 
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
      <property name="configLocation" 
value="/WEB-INF/spring-configuration/ehcache-replicated.xml" />
      <property name="shared" value="true" />
      <property name="cacheManagerName" value="cacheManager" />
   </bean>

   <bean id="ticketRegistry" 
class="org.jasig.cas.ticket.registry.EhCacheTicketRegistry">
      <property name="serviceTicketsCache" ref="serviceTicketsCache" />
      <property name="ticketGrantingTicketsCache" 
ref="ticketGrantingTicketsCache" />
   </bean>

   <bean id="serviceTicketsCache" 
class="org.jasig.cas.util.RmiDistributedEhCacheFactoryBean">
      <description>
         Service Tickets (ST) are short lived objects (less than 5 seconds) 
that are mostly removed from the cache during the
         service ticket validation operation.
         The ST cache must be replicated very quickly because the ST validation 
is performed soon after
         its creation (the time of a 302 redirect) and the ST validation server 
is very likely not to be the ST creation server because this
         validation is performed via a server-to-server communication that is 
not aware of user session affinity.
         To ensure a short replication delay, we use the synchronous mode
     </description>
      <property name="cacheManager" ref="cacheManager" />
      <property name="cacheName" value="org.jasig.cas.ticket.ServiceTicket" />
      <property name="diskExpiryThreadIntervalSeconds" value="120" />
      <property name="diskPersistent" value="false" />
      <property name="eternal" value="false" />
      <property name="maxElementsInMemory" value="10000" />
      <property name="maxElementsOnDisk" value="100000" />
      <property name="memoryStoreEvictionPolicy" value="LRU" />
      <property name="overflowToDisk" value="true" />
      <property name="timeToIdle" value="300" />
      <property name="timeToLive" value="300" />
      <property name="rmiCacheReplicatorProperties">
         <props>
            <prop key="replicateAsynchronously">false</prop>
         </props>
      </property>
   </bean>
   <bean id="ticketGrantingTicketsCache" 
class="org.jasig.cas.util.RmiDistributedEhCacheFactoryBean">
      <description>
         Ticket Granting Tickets (TGT) are long lived objects (more than 15 
minutes) that are mostly removed from the cache by the cache evictor. Web
         user explicit sign off is the only way to explicitly delete these TGT; 
this operation is unlikely.
         The TGT cache can be replicated slowly because TGT are only 
manipulated via web user started operations (mostly grant service ticket) and
         thus benefit of web session affinity.
         </description>
      <property name="cacheManager" ref="cacheManager" />
      <property name="cacheName" 
value="org.jasig.cas.ticket.TicketGrantingTicket" />
      <property name="diskExpiryThreadIntervalSeconds" value="120" />
      <property name="diskPersistent" value="false" />
      <property name="eternal" value="false" />
      <property name="maxElementsInMemory" value="10000" />
      <property name="maxElementsOnDisk" value="100000" />
      <property name="memoryStoreEvictionPolicy" value="LRU" />
      <property name="overflowToDisk" value="true" />
      <property name="timeToIdle" value="7200" />
      <property name="timeToLive" value="86400" />
      <property name="rmiCacheReplicatorProperties">
         <props>
            <prop key="asynchronousReplicationIntervalMillis">500</prop>
            <prop key="replicateRemovals">false</prop>
         </props>
      </property>
   </bean>
</beans>

-Andrew

On Aug 5, 2010, at 4:21 PM, acevedo wrote:

> 
> Mr. Battaglia,
> 
> Will there be an official cas-server-integration_ehcache in a future CAS
> versions or am I barking up the wrong tree.
> 
> Currently setting up 3.3.5.
> -- 
> View this message in context: 
> http://jasig.275507.n4.nabble.com/CAS-EHCache-Ticket-Registry-tp278045p2315561.html
> Sent from the CAS Users mailing list archive at Nabble.com.
> 
> -- 
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to