Freddy Exposito created CXF-5420:
------------------------------------
Summary: Issue with EhCacheTokenStore using default LRU.
Key: CXF-5420
URL: https://issues.apache.org/jira/browse/CXF-5420
Project: CXF
Issue Type: Bug
Affects Versions: 2.7.7, 2.6.10
Reporter: Freddy Exposito
Priority: Minor
HI All,
The Ehcache TokenStore implementation (org.apache.cxf.ws.security.tokenstore.
EHCacheTokenStore) is evicting wrong elements from the token store. It’s
happening very randomly in a heavy multi-thread application but at some point
is trying to get a DerivedKeyToken (added before sending request to the server)
that was evicted before the response was returned.
I actually see the issue in the Ehcache Element implementation
(http://jira.terracotta.org/jira/browse/EHC-1065) because the constructor of
class Element that the CXF EHCacheTokenStore implementation is using is not
setting ‘lastAccessTime’ in the constructor. As lastAccessTime is being zero by
default, all the DerivedKeyToken elements in the token store have
lastAccessTime=0 and there is a possibility that a wrong element is evicted
because the default ehcache LRU policy uses the ‘lastAccessTime’ to perform
eviction.
I reported the issue to EHcache already although I haven’t received answer from
them. In the meantime, would you consider to update EHCacheTokenStore to use a
more suitable Element constructor that allows setting ‘lastAccessTime’ properly?
Thanks,
--
This message was sent by Atlassian JIRA
(v6.1#6144)
