MemCacheTicketRegistry
As of CAS 3.3, a MemCacheTicketRegistry is provided.
Including the Cache in your build...
Add the following to your pom.xml:
< dependency >
< groupId >org.jasig.cas</ groupId >
< artifactId >cas-server-integration-memcached</ artifactId >
< version >${project.version}</ version >
< type >jar</ type >
</ dependency >
|
Configuration
You'll need to override the ticketRegistry.xml in the spring-configuration directory with something like this:
<? xml version = "1.0" encoding = "UTF-8" ?>
< beans xmlns = "http://www.springframework.org/schema/beans"
xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
xmlns:jee = "http://www.springframework.org/schema/jee"
xsi:schemaLocation="http://www.springframework.org/schema/beans
<!-- Ticket Registry -->
< bean id = "ticketRegistry" class = "org.jasig.cas.ticket.registry.MemCacheTicketRegistry" >
< constructor-arg index = "0" >
< list >
< value >machine1:11211</ value >
< value >machine2:11211</ value >
</ list >
</ constructor-arg >
< constructor-arg index = "1" type = "int" value = "21600" />
< constructor-arg index = "2" type = "int" value = "300" />
</ bean >
</ beans >
|
The "0" constructor parameter is the list of hosts and ports.
The "1" constructor parameter is the timeout value for TicketGrantingTickets in seconds.
The "2" constructor parameter is the timeout value for Service Tickets in seconds.
Security
As always, you should discuss with your Network team on the best way to secure the data being sent to the memcache servers. Memcache does not encrypt information so you need to protect it on your own.
Additional Notes:
Memcached is literally a cache and does not failover/replication/etc. by default. At Rutgers, we've tested a patch called repcache that adds this functionality. There are some limitations to repcache (i.e. the number of servers you can replicate to), but it appears to work well in our testing. We'll update this with any information.
Memcached clean:
UPDATE: The following information about reclaiming space from memcached during the course of operation is not necessary as memcached will reclaim used space as described in the following article: http://amix.dk/blog/viewEntry/19356.
Memcached not empty its cache (tickets CAS) if he needs space.
So even expired tickets are still present in the cache.
The CAS does not provide for cleaner cache memcache.
That is why we made a small perl script to do so.
Principle: recover the full script of a ticket and get over if it is expired memcache removes it from its cache.
We think a implement a ticketRegistryCleaner in CAS, but it will take 1.2.jar-memcached uses to access the stats (String)