[jboss-jira] [JBoss JIRA] (WFLY-6452) JBossCachedAuthenticationManager.isValid is called on every http requests of an authenticated user

Darran Lofthouse (JIRA) issues at jboss.org
Fri Apr 1 13:26:00 EDT 2016 

     [ https://issues.jboss.org/browse/WFLY-6452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated WFLY-6452:
-----------------------------------
    Component/s: Security
                     (was: Security Manager)


> JBossCachedAuthenticationManager.isValid is called on every http requests of an authenticated user
> --------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-6452
>                 URL: https://issues.jboss.org/browse/WFLY-6452
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security, Web (Undertow)
>    Affects Versions: 10.0.0.Final
>            Reporter: Juan AMAT
>            Assignee: Darran Lofthouse
>
> While doing some performance testing of our application on Wildfly 10.0.0.Final we noticed a huge difference in CPU utlization version the same test on JBoss EAP 6.4.
> What the test is doing is to run concurrently 2500 clients that log in webapp (FORM bases authentication) and that send a request every 15 seconds on average.
> In JBoss EAP 6.4 cpu utilization was about 10% on a 24 cores machine with one 20G JVM.
> With wildfly it was 95+%.
> Threads dumps showed a lot of threads in the JAAS Login Module.
> We are using org.jboss.security.auth.spi.DatabaseServerLoginModule.
> This was strange because all the users were already authenticated.
> It turns out that in Wildfly JBossCachedAuthenticationManager.isValid is called on every HTTP request. This is not the case in EAP 6.4.
> The problem then is that we have configured the security-domain with 'cache-type=default' which will use a cache with 1000 entries less than the number of our clients.
> The 'isValid' method will try to find the Principal in the cache, will not find it (most of the time) and will trigger an authentication.
> We can workaround this using 'cache-type=infinispan' with a local-cache with more entries. (and this is what I did not set this ticket as blocker).
> But this is just a workaround IMO.
> Why is 'isValid' called on every request in Wildfly?
> On a related note, it would also be nice to be able to configure the number of entries in the cache when using 'cache-type=default'



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list