Could this be a performance issue in CAS6?

17 views
Skip to first unread message

Yan Zhou

unread,
Apr 25, 2022, 5:30:17 PMApr 25
to CAS Community
Hi there, 

this following validation is new in CAS6.x  

OIDC endpoint: cas/oidc/token   (request access token using authCode)
OAuth20AuthorizationCodeGrantTypeTokenRequestValidator

the log says it all, if authCode is expired, it will attempt to revoke all access tokens issued to the authCode (new to CAS6),  however, it does so by querying the entire registry:  getTicketRegistry().getTickets()

   @Override
    protected boolean validateInternal(final WebContext context, final String grantType,
                                       final ProfileManager manager, final UserProfile uProfile) {
 .......................................
        if (valid) {
            val token = getConfigurationContext().getTicketRegistry().getTicket(code.get(), OAuth20Code.class);
            if (token == null || token.isExpired()) {
                LOGGER.debug("Code [{}] is invalid or expired. Attempting to revoke access tokens issued to the code", code.get());
                val accessTokensByCode = getConfigurationContext().getTicketRegistry().getTickets(ticket ->
                    ticket instanceof OAuth20AccessToken
                        && StringUtils.equalsIgnoreCase(((OAuth20AccessToken) ticket).getToken(), code.get()));
                accessTokensByCode.forEach(ticket -> {
                    LOGGER.debug("Removing access token [{}] issued via expired/unknown code [{}]", ticket.getId(), code.get());
                    getConfigurationContext().getTicketRegistry().deleteTicket(ticket);
                });

                LOGGER.warn("Request OAuth code [{}] is not found or has expired", code.get());
                return false;
            }
...............................

this is CAS  HazelcastTicketRegistry code.  note:    this.ticketCatalog.findAll()

    @Override
    public Collection<? extends Ticket> getTickets() {
        return this.ticketCatalog.findAll()
            .stream()
            .map(metadata -> getTicketMapInstanceByMetadata(metadata).values())
            .flatMap(tickets -> {
                if (pageSize > 0) {
                    return tickets.stream().limit(pageSize).collect(Collectors.toList()).stream();
                }
                return new ArrayList<>(tickets).stream();
            })
            .map(this::decodeTicket)
            .collect(Collectors.toSet());
    }

Would not that be a performance issue?

Yan
Reply all
Reply to author
Forward
0 new messages