[
https://issues.apache.org/jira/browse/CXF-5420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-5420.
--------------------------------------
Resolution: Fixed
> Issue with EhCacheTokenStore using default LRU.
> -----------------------------------------------
>
> Key: CXF-5420
> URL: https://issues.apache.org/jira/browse/CXF-5420
> Project: CXF
> Issue Type: Bug
> Affects Versions: 2.6.10, 2.7.7
> Reporter: Freddy Exposito
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: 2.6.12, 2.7.9
>
>
> HI All,
> The Ehcache TokenStore implementation (org.apache.cxf.ws.security.tokenstore.
> EHCacheTokenStore) is evicting wrong elements from the token store. It’s
> happening very randomly in a heavy multi-thread application but at some point
> is trying to get a DerivedKeyToken (added before sending request to the
> server) that was evicted before the response was returned.
> I actually see the issue in the Ehcache Element implementation
> (http://jira.terracotta.org/jira/browse/EHC-1065) because the constructor of
> class Element that the CXF EHCacheTokenStore implementation is using is not
> setting ‘lastAccessTime’ in the constructor. As lastAccessTime is being zero
> by default, all the DerivedKeyToken elements in the token store have
> lastAccessTime=0 and there is a possibility that a wrong element is evicted
> because the default ehcache LRU policy uses the ‘lastAccessTime’ to perform
> eviction.
> I reported the issue to EHcache already although I haven’t received answer
> from them. In the meantime, would you consider to update EHCacheTokenStore to
> use a more suitable Element constructor that allows setting ‘lastAccessTime’
> properly?
> Thanks,
--
This message was sent by Atlassian JIRA
(v6.1#6144)
