JWTTokenTicketBuilder.build issue an http request to server itself

[Daniel Qian]

cas version: v5.3.16

cas-server-support-token-core / JWTTokenTicketBuilder[1] use cas-client TicketValidator to validate service ticket, which issue an http request to the server itself.

That's not good, there is a performance impact.

I think it'll be better if server validate the service ticket locally, not http request to itself.

[1]: https://github.com/apereo/cas/blob/v5.3.16/support/cas-server-support-token-core/src/main/java/org/apereo/cas/token/JWTTokenTicketBuilder.java

[Raph C]

I'm totally agree. In my company we had to upgrade cpu as a workaround of performance issue due to jwtasticket activation.

The tokenBuilder reuses servicevalidate web controllers to fetch ticket claims by using an internal java http client. Seems to be the easier solution. A tough rework would be necessary to split attributes release  logic from web controllers (depending on protocol version).

I wanted to working on it but no time to spend on it.

Regards

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7d3da75b-0a83-42b6-806c-fcef84a4358fn%40apereo.org.