[infinispan-issues] [JBoss JIRA] (ISPN-12126) Performance drop when using auth in REST
Gustavo Fernandes (Jira)
issues at jboss.org
Thu Jul 16 13:17:00 EDT 2020
[ https://issues.redhat.com/browse/ISPN-12126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gustavo Fernandes updated ISPN-12126:
-------------------------------------
Description:
Currently, the auth token is cached on a per-connection basis in the RestHandler. This works fine for HTTP/1 with keep-alive, but not for HTTP/2, because it multiplexes and uses one child-channel per each simultaneous request/response pair (stream).
One suggestion is to use {{[org.wildfly.security.auth.realm.CachingSecurityRealm|https://wildfly-security.github.io/wildfly-elytron/1.1.x/org/wildfly/security/auth/realm/CachingSecurityRealm.html]}} around the supported security realms to cache credentials for a configurable amount of time, or based on the number of credentials. This would also improve Hot Rod since the security realms are global
was:
Currently, the auth token is cached on a per-connection basis in the RestHandler. This works fine for HTTP/1 with keep-alive, but not for HTTP/2, because it multiplexes and uses one child-channel per each simultaneous request/response pair (stream).
One suggestion is to use {{org.wildfly.security.auth.realm.CachingSecurityRealm}} around the supported security realms to cache credentials for a configurable amount of time, or based on the number of credentials. This would also improve Hot Rod since the security realms are global
> Performance drop when using auth in REST
> ----------------------------------------
>
> Key: ISPN-12126
> URL: https://issues.redhat.com/browse/ISPN-12126
> Project: Infinispan
> Issue Type: Bug
> Components: REST, Security
> Affects Versions: 11.0.1.Final
> Reporter: Gustavo Fernandes
> Assignee: Gustavo Fernandes
> Priority: Major
>
> Currently, the auth token is cached on a per-connection basis in the RestHandler. This works fine for HTTP/1 with keep-alive, but not for HTTP/2, because it multiplexes and uses one child-channel per each simultaneous request/response pair (stream).
> One suggestion is to use {{[org.wildfly.security.auth.realm.CachingSecurityRealm|https://wildfly-security.github.io/wildfly-elytron/1.1.x/org/wildfly/security/auth/realm/CachingSecurityRealm.html]}} around the supported security realms to cache credentials for a configurable amount of time, or based on the number of credentials. This would also improve Hot Rod since the security realms are global
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the infinispan-issues
mailing list