Hi folks,
Just want to share some recent observations.
We did some profiling of CAS (mostly around OIDC) and it turned out that ClientInfoThreadLocalFilter alone is responsible for substantial latency.
(profiling done using OpenJDK 11.0.2 on MacOS).
ClientInfoThreadLocalFilter, as one may guess by its name, uses ThreadLocal to store user data which is used down the line in some places.
This filter was removed (in a rather hacky way, by removing cas-server-core-audit-*.jar and **/cas-server-core-events-*.jar from WAR.
It worked wonderfully, the overall CAS endpoint latency dropped more than 2 times.
There are few places where ClientInfo is needed, namely in audit logging and to inject client IP in TGC cookie.
We can continue using CAS with that hack, without the fix, as CAS audit doesn't really fit our model and we don't need IP-bound cookies wither.
But one could just pass ClientInfo down the call stack, explicitly, without resorting to ThreadLocal (inherently unsafe and slow technique that shouldn't be used at all).
I wonder 1) if this is a known issue, and 2) if there are some plans to deal with that.
Kind regards,
Tim