[cas-user] CAS 6.3.7 authentication throttling with hazelcast throws exception

2 views
Skip to first unread message

'Udo Einspanier' via CAS Community

unread,
Oct 13, 2021, 10:16:43 AMOct 13
to CAS Community
Hi,

I am using CAS 6.3.7 and want to use authentication throttling with hazelcast. Every time the scheduler runs I get below exception. CAS calls a method in Hazelcast that is not supported for that class. Here my YAML configuration snippet:

throttle:
  usernameParameter: username
  schedule:
    enabled: true
    startDelay: PT10S
    repeatInterval: PT120S
  failure:
    threshold: 1
    rangeSeconds: 5
  hazelcast:
    cluster:
      members: @cas.hazelcast.members@
      instanceName: auththrottling
      port: @cas.hazelcast.port@
      tcpipEnabled: true



I guess disabling the throttle schedule is not an option since then it seems like the old entries remain in the map forever.

Has anyone used hazelcast successfully for authentication throttling?

Thanks,
Udo


2021-10-13 16:04:29,417 ERROR [org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler] - <Unexpected error occurred in scheduled task>
java.lang.UnsupportedOperationException: null
    at com.hazelcast.map.impl.query.QueryResultCollection.removeIf(QueryResultCollection.java:88) ~[hazelcast-4.1.jar:4.1]
    at org.apereo.cas.web.support.AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter.decrement(AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter.java:62) ~[cas-server-support-throttle-core-6.3.7.jar:6.3.7]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
    at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
    at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.2.12.RELEASE.jar:5.2.12.RELEASE]
    at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.12.RELEASE.jar:5.2.12.RELEASE]
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.12.RELEASE.jar:5.2.12.RELEASE]
    at com.sun.proxy.$Proxy172.decrement(Unknown Source) ~[?:?]
    at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183) ~[?:?]
    at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
    at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177) ~[?:?]
    at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
    at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150) ~[?:?]
    at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173) ~[?:?]
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
    at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497) ~[?:?]
    at org.apereo.cas.web.support.InMemoryThrottledSubmissionCleaner.run(InMemoryThrottledSubmissionCleaner.java:31) ~[cas-server-support-throttle-core-6.3.7.jar:6.3.7]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
    at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
    at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84) ~[spring-context-5.2.12.RELEASE.jar:5.2.12.RELEASE]
    at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-5.2.12.RELEASE.jar:5.2.12.RELEASE]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) ~[?:?]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) ~[?:?]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
    at java.lang.Thread.run(Thread.java:834) [?:?]

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b57526c0-c355-468f-8ab9-9ed4872bb667n%40apereo.org.

wvub...@gmail.com

unread,
Nov 15, 2021, 3:53:22 PM (11 days ago) Nov 15
to CAS Community, Udo Einspanier
I am getting the same error with 6.4.1. Have not found a solution yet.

chris

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a63a43c3-8d7f-44c1-9255-1dd51b500995n%40apereo.org.

'Udo Einspanier' via CAS Community

unread,
Nov 16, 2021, 3:53:48 AM (11 days ago) Nov 16
to CAS Community, wvub...@gmail.com, Udo Einspanier
Ok, thanks for the feedback.

Udo
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e79b7288-ae4e-4d46-b93a-525cfd18e403n%40apereo.org.

Felix Schumacher

unread,
Nov 16, 2021, 3:00:36 PM (10 days ago) Nov 16
to cas-...@apereo.org

I think this is a bug in the cas implementation of the generic throttler in combination with hazelcast. The used view returned by IMap#entrySet() is implemented as immutable (made more clear with https://github.com/hazelcast/hazelcast/issues/12198 ), but the generic implementation AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter#decrement() needs an mutable set to work on.

The thrown exception is used by hazelcast to make it clear, that the view (obtained by #entrySet) can't be modified.

It might have gone unnoticed in older versions, where hazelcast didn't throw an exception (at least, that is what I understood from reading the hazelcast issue 12198).

Felix

Am 15.11.21 um 21:53 schrieb wvub...@gmail.com:
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/834449ac-e0ab-627c-c72d-6d2f023953be%40internetallee.de.
OpenPGP_signature
Reply all
Reply to author
Forward
0 new messages