Hazelcast integration, TGT, ST, OIDC tokens serialization jars?


Yan Zhou

Feb 28, 2022, 11:11:44 AM
to CAS Community
Hi there,

Is anyone having to deal with token/ticket storage, like Hazelcast, that requires serializing CAS objects?

For instance, TGT, ST and OIDC RT/AT all go to the Hazelcast ticket registry, which requires serializing any objects put on an IMap.

Would I have to package all jars containing these classes and place them in the Hazelcast lib folder?

These classes are non-trivial and always have a tree of other objects. How do you deal with that?

Below is an example of TGT in CAS5, let alone the other objects in CAS5/CAS6, etc.

Thanks,
Yan


public class TicketGrantingTicketImpl extends AbstractTicket implements TicketGrantingTicket {

    /**
     * Unique Id for serialization.
     */
    private static final long serialVersionUID = -8608149809180911599L;

    /**
     * The authenticated object for which this ticket was generated for.
     */
    @Lob
    @Column(name = "AUTHENTICATION", nullable = false, length = Integer.MAX_VALUE)
    private Authentication authentication;

    // ... remaining fields and methods are not shown in the post
}

Yan Zhou

Feb 28, 2022, 11:45:55 AM
to CAS Community, Yan Zhou
Hi,

I realize what may be happening: the CAS documentation assumes embedded HZ, with HZ and CAS living in the same JVM and therefore having access to all CAS jars.

But our HZ is external to CAS: multiple CAS apps point to the same HZ cluster running on separate VMs. How do I know which jars to package and place under HZ's lib directory to resolve all these errors?

And further, we have CAS5 and CAS6. Can I place a mix of CAS5 and CAS6 jars under the same HZ lib without conflict?

2022-02-25 17:40:55 ERROR QueryPartitionOperation - [devcas705.mdc.qdx.com]:5701 [hz-nist-dev] [4.2] java.lang.ClassNotFoundException: org.apereo.cas.ticket.refreshtoken.OAuth20DefaultRefreshToken
com.hazelcast.nio.serialization.HazelcastSerializationException: java.lang.ClassNotFoundException: org.apereo.cas.ticket.refreshtoken.OAuth20DefaultRefreshToken
        at com.hazelcast.internal.serialization.impl.defaultserializers.JavaDefaultSerializers$JavaSerializer.read(JavaDefaultSerializers.java:90)
        at com.hazelcast.internal.serialization.impl.defaultserializers.JavaDefaultSerializers$JavaSerializer.read(JavaDefaultSerializers.java:79)
        at com.hazelcast.internal.serialization.impl.StreamSerializerAdapter.read(StreamSerializerAdapter.java:44)
        at com.hazelcast.internal.serialization.impl.AbstractSerializationService.toObject(AbstractSerializationService.java:208)
        at com.hazelcast.map.impl.record.Records.tryStoreIntoCache(Records.java:203)
        at com.hazelcast.map.impl.record.Records.getValueOrCachedValue(Records.java:170)
        at com.hazelcast.map.impl.query.PartitionScanRunner$1.accept(PartitionScanRunner.java:94)
        at com.hazelcast.map.impl.query.PartitionScanRunner$1.accept(PartitionScanRunner.java:89)
        at com.hazelcast.map.impl.recordstore.DefaultRecordStore.forEach(DefaultRecordStore.java:278)
        at com.hazelcast.map.impl.recordstore.DefaultRecordStore.forEach(DefaultRecordStore.java:261)



Ray Bon

Feb 28, 2022, 12:13:22 PM
to cas-...@apereo.org
Yan Zhou,

Are you creating a custom feature?

If so, you may have to include libraries from the main cas project; and others as necessary. 
If it is a custom ticket feature, you can structure it like the most similar one from the cas project.

If not, you can add hazelcast ticket storage as per, https://apereo.github.io/cas/6.4.x/ticketing/Hazelcast-Ticket-Registry.html

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.

Pablo Vidaurri

Feb 28, 2022, 12:19:53 PM
to CAS Community, Yan Zhou
Also note the schema changes for CAS 6.5: all tickets are serialized to one, maybe two, tables.

Ray Bon

Feb 28, 2022, 12:26:08 PM
to cas-...@apereo.org, yana...@gmail.com
Yan Zhou,

I would think that cas prepares the tickets prior to sending them to hazelcast. Hazelcast should not need to know about the specifics of the data being stored.

Ray



Yan

Feb 28, 2022, 1:08:14 PM
to Ray Bon, cas-...@apereo.org
This is the CAS HazelcastTicketRegistry code; it is writing to the HZ IMap object with the TGT object. I do not see any special code; it seems to be writing the TGTTicketImpl object into the IMap.

    public void addTicketInternal(final Ticket ticket) {
        // Excerpt: the lines that assign encTicket and ttl are not shown here.
        val metadata = this.ticketCatalog.find(ticket);
        val ticketMap = getTicketMapInstanceByMetadata(metadata);
        if (ticketMap != null) {
            ticketMap.set(encTicket.getId(), encTicket, ttl, TimeUnit.SECONDS);
        }
    }

Ray Bon

Feb 28, 2022, 3:44:22 PM
to cas-...@apereo.org
Yan,
 
Since getTicketMapInstanceByMetadata returns IMap<String, Ticket>, you should only need to add cas-server-core-api-ticket-6.4.4.2.jar (or whatever version you are using).
Only one version of the library is necessary; the Ticket interface is unlikely to change much (but keep it up to date).

Ray
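
The stack trace earlier in the thread fails inside a partition scan (QueryPartitionOperation, PartitionScanRunner, JavaSerializer.read), which is the point where the member rebuilds a stored value. The following is an added example, not code from CAS, Hazelcast or any poster in this thread: a JDK-only model showing that a value held as bytes needs no class on the member until something deserializes it. DemoTicket, memberDeserialize and the class-name prefix list are constructed stand-ins.

```java
import java.io.*;
import java.util.*;

// Added illustration: plain JDK only, no Hazelcast or CAS classes involved.
public class OpaqueVersusDeserialized {
    // Constructed stand-in for a ticket class that exists only in the CAS webapp.
    static class DemoTicket implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id;
        DemoTicket(String id) { this.id = id; }
    }

    // Client side: Java serialization turns the object graph into bytes.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    // "Member" side: resolves only classes whose names match the given prefixes,
    // a hypothetical model of a classpath that lacks the application jars.
    static Object memberDeserialize(byte[] data, String... onClasspath)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data)) {
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc)
                    throws IOException, ClassNotFoundException {
                for (String prefix : onClasspath) {
                    if (desc.getName().startsWith(prefix)) return super.resolveClass(desc);
                }
                throw new ClassNotFoundException(desc.getName());
            }
        }) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, byte[]> memberMap = new HashMap<>(); // stands in for the map on the member
        memberMap.put("TGT-1", serialize(new DemoTicket("TGT-1")));
        // Lookup by key hands the stored bytes back; the member never needs the class.
        System.out.println("get by key: " + memberMap.get("TGT-1").length + " bytes");
        try { // A scan over values has to rebuild each object on the member.
            memberDeserialize(memberMap.get("TGT-1"), "java.");
        } catch (ClassNotFoundException e) {
            System.out.println("value scan: ClassNotFoundException: " + e.getMessage());
        }
    }
}
```

Because deserializing on the member loads whatever class the stream names, the set of jars placed on an external member's classpath is also the set of classes that stored data can instantiate there.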