Re: [cas-user] Memcached Ticket Registry - Unresolved

Thu, 19 Apr 2012 06:51:46 -0700 



   <bean id="auditablePrincipalResolver" 
class="org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver">
       <constructor-arg index="0" ref="ticketRegistry" />
   </bean>



I think this component is the culprit, though I can't say why exactly. 
Might be helpful to keep source in mind [1] for further discussion. 
Your description of the problem and the stack trace indicate that this 
is happening on the audit around 
CentralAuthenticationServiceImpl#destroyTicketGrantingTicket().
The following code block would be executed in both the success and 
failure cases:



            final Ticket ticket = 
this.ticketRegistry.getTicket((String) arg1);

            if (ticket instanceof ServiceTicket) {
                final ServiceTicket serviceTicket = (ServiceTicket) ticket;

                return 
serviceTicket.getGrantingTicket().getAuthentication().getPrincipal().getId();

            } else if (ticket instanceof TicketGrantingTicket) {

                final TicketGrantingTicket tgt = (TicketGrantingTicket) 
ticket;

                return tgt.getAuthentication().getPrincipal().getId();
            }


Clearly if there were some problem looking up the TGT from the registry, 
it would throw in both cases since a principal is needed to log both a 
success and failure.  From my experience, MemCacheTicketRegistry hardly 
ever throws exceptions, so this would be odd, but there is some network 
IO going on under the hood, and IO is a common cause of errors.  We 
could use some more logging here to help diagnose these kinds of errors, 
but without source mods there's nothing further you can do to get more 
insight into the root cause.



If you're feeling brave, you can check out my modified 
MemcachedTicketRegistry component that I'm working to get merged into 
master for 3.5:


https://github.com/serac/cas/tree/memcached-ng


As you can see [2], it has the logging you'd need to track down the 
specific error you're seeing.  I can work with you on a 
ticketRegistry.xml if you're interested in trying it out.


M


[1] 
https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/audit/spi/TicketOrCredentialPrincipalResolver.java
[2] 
https://github.com/serac/cas/blob/memcached-ng/cas-server-integration-memcached/src/main/java/org/jasig/cas/ticket/registry/MemcachedTicketRegistry.java


--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user






















					Reply via email to