<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Stuart,<br>
<br>
I've applied your changes and they will be available once we
upgrade PicketBox, which should happen soon. I do believe that
this heavy usage of reflection is overkill since most of the time
the default SecurityContext implementation is used. I've never
heard of a case where this implemenation has been changed. So I'm
wondering if we couldn't just make sure that whenever the default
context is being used we instantiate it by calling new
JBossSecurityContext(securityDomain) and use the reflection stuff
only if the caller really supplies a different implementation
class.<br>
<br>
Stefan<br>
<br>
On 09/05/2013 06:41 AM, Stuart Douglas wrote:<br>
</div>
<blockquote
cite="mid:716497277.8314772.1378374067597.JavaMail.root@redhat.com"
type="cite">
<pre wrap="">Oops, just realised I missed that the same thing was happening with the SecurityContextUtil class.
With this patch, and my recently merged SecurityContextAssociationValve patch, I have seen a >20% increase in performance of an empty web application (28k req/sec vs 23k req/sec).
Stuart
----- Original Message -----
</pre>
<blockquote type="cite">
<pre wrap="">From: "Anil Saldhana" <a class="moz-txt-link-rfc2396E" href="mailto:Anil.Saldhana@redhat.com"><Anil.Saldhana@redhat.com></a>
To: "Stuart Douglas" <a class="moz-txt-link-rfc2396E" href="mailto:sdouglas@redhat.com"><sdouglas@redhat.com></a>
Cc: <a class="moz-txt-link-abbreviated" href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a>, "Andrig Miller" <a class="moz-txt-link-rfc2396E" href="mailto:anmiller@redhat.com"><anmiller@redhat.com></a>
Sent: Wednesday, 4 September, 2013 3:47:47 PM
Subject: Re: [security-dev] Picketbox performance improvements
Hi Stuart,
it will be a couple of days to upgrade. There are other fixes going
into the upgrade.
Regards,
Anil
On 09/04/2013 04:31 AM, Stuart Douglas wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
I have been benchmarking Wildfly upstream, and with the exception of the
Weld listener (that I am about to try and fix), I am seeing the creation
of the security context as by far the most expensive part of the web
request chain.
Firstly a bit about the tests, basically it is possible to run Undertow in
pipelining mode, where if you send it pipelined HTTP requests it will
buffer the responses and batch them. This is not super useful in practice,
but what it does allow me to do is basically take most of the IO component
out of a web request, and just look at which bits of the web request chain
are consuming the most CPU.
The issues I am seeing are:
- Some unnecessary AccessController.doPrivilidged calls
- A reflection call on every request to lookup the constructor of the
security context class
I have provided a patch to address both of these, by adding a guard around
the AccessController calls, and by caching the constructor used for the
default security context class. I think it may even be worthwhile taking
this one step further, and using generated bytecode to create the class.
Normally I would consider this overkill but security context creation
happens on every request, so if we are serious about performance we should
be trying to make it as cheap as possible.
To give you an idea of how much this affects the total cost of the Servlet
pipeline:
Current WF upstream (without Weld): 134k req/sec
After removing the AccessController calls: 158k req/sec
Adding constructor caching: 171k req/sec
Note that the speedup will not be as big for more realistic workloads,
however it will still be significant.
Stuart
</pre>
</blockquote>
<pre wrap="">
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
security-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/security-dev">https://lists.jboss.org/mailman/listinfo/security-dev</a></pre>
</blockquote>
</blockquote>
<br>
</body>
</html>