[
https://issues.redhat.com/browse/ISPN-12126?page=com.atlassian.jira.plugi...
]
Gustavo Fernandes updated ISPN-12126:
-------------------------------------
Description:
Currently, the auth token is cached on a per-connection basis in the RestHandler. This
works fine for HTTP/1 with keep-alive, but not for HTTP/2, because it multiplexes and uses
one child-channel per stream (each stream in HTTP/2 is a req/resp pair that can happen
simultaneously over the same connection).
One suggestion is to use {{org.wildfly.security.auth.realm.CachingSecurityRealm}} around
the supported security realms to cache credentials for a configurable amount of time, or
based on the number of credentials. This would also make Hot Rod better since the security
realms are global
was:
Currently, the auth token is cached on a per-connections basis in the RestHandler. This
works fine for HTTP/1 with keep-alive, but not for HTTP/2, because it multiplexes and uses
one child-channel per stream (each stream in HTTP/2 is a req/resp pair that can happen
simultaneously over the same connection).
One suggestion is to use {{org.wildfly.security.auth.realm.CachingSecurityRealm}} around
the supported security realms to cache credentials for a configurable amount of time, or
based on the number of credentials. This would also make Hot Rod better since the security
realms are global
Performance drop when using auth in REST
----------------------------------------
Key: ISPN-12126
URL:
https://issues.redhat.com/browse/ISPN-12126
Project: Infinispan
Issue Type: Bug
Components: REST, Security
Affects Versions: 11.0.1.Final
Reporter: Gustavo Fernandes
Assignee: Gustavo Fernandes
Priority: Major
Currently, the auth token is cached on a per-connection basis in the RestHandler. This
works fine for HTTP/1 with keep-alive, but not for HTTP/2, because it multiplexes and uses
one child-channel per stream (each stream in HTTP/2 is a req/resp pair that can happen
simultaneously over the same connection).
One suggestion is to use {{org.wildfly.security.auth.realm.CachingSecurityRealm}} around
the supported security realms to cache credentials for a configurable amount of time, or
based on the number of credentials. This would also make Hot Rod better since the security
realms are global
--
This message was sent by Atlassian Jira
(v7.13.8#713008)