[jboss-jira] [JBoss JIRA] (WFLY-6452) JBossCachedAuthenticationManager.isValid is called on every http requests of an authenticated user
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Apr 1 13:44:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-6452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13185530#comment-13185530 ]
Darran Lofthouse commented on WFLY-6452:
----------------------------------------
Because there are many HTTP mechanisms where associating an authenticated identity with a session is a bad practice, the caching is now deferred to the JBossCachedAuthenticationManager.
> JBossCachedAuthenticationManager.isValid is called on every http requests of an authenticated user
> --------------------------------------------------------------------------------------------------
>
> Key: WFLY-6452
> URL: https://issues.jboss.org/browse/WFLY-6452
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Affects Versions: 10.0.0.Final
> Reporter: Juan AMAT
> Assignee: Darran Lofthouse
>
> While doing some performance testing of our application on WildFly 10.0.0.Final we noticed a huge difference in CPU utilization versus the same test on JBoss EAP 6.4.
> What the test is doing is to run concurrently 2500 clients that log in to a webapp (FORM-based authentication) and that send a request every 15 seconds on average.
> In JBoss EAP 6.4 CPU utilization was about 10% on a 24-core machine with one 20G JVM.
> With WildFly it was 95+%.
> Thread dumps showed a lot of threads in the JAAS Login Module.
> We are using org.jboss.security.auth.spi.DatabaseServerLoginModule.
> This was strange because all the users were already authenticated.
> It turns out that in WildFly JBossCachedAuthenticationManager.isValid is called on every HTTP request. This is not the case in EAP 6.4.
> The problem then is that we have configured the security-domain with 'cache-type=default', which will use a cache with 1000 entries, less than the number of our clients.
> The 'isValid' method will try to find the Principal in the cache, will not find it (most of the time) and will trigger an authentication.
> We can work around this using 'cache-type=infinispan' with a local-cache with more entries (and this is why I did not set this ticket as blocker).
> But this is just a workaround IMO.
> Why is 'isValid' called on every request in WildFly?
> On a related note, it would also be nice to be able to configure the number of entries in the cache when using 'cache-type=default'.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
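
The cache behaviour described in the report, as an added example that is not part of the original message and not WildFly or PicketBox code. It assumes least-recently-used eviction and a round-robin request order, neither of which the ticket states; `LruAuthCache` and `simulate` are hypothetical names.

```python
from collections import OrderedDict


class LruAuthCache:
    """Bounded principal cache with LRU eviction (assumed policy, see lead-in)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._entries = OrderedDict()

    def is_valid(self, principal):
        """Return True on a cache hit; on a miss, 'authenticate' and cache."""
        if principal in self._entries:
            self._entries.move_to_end(principal)  # mark as most recently used
            return True
        # Miss: this is where the login module (e.g. a database lookup) would run.
        self._entries[principal] = object()
        if len(self._entries) > self.capacity:
            self._entries.popitem(last=False)  # evict the least recently used
        return False


def simulate(clients, capacity, rounds):
    """Every client sends one request per round, in the same order each round.

    Round 0 is the initial login and is not counted. Returns
    (cache_hits, login_module_calls) for the already-authenticated rounds.
    """
    cache = LruAuthCache(capacity)
    hits = logins = 0
    for rnd in range(rounds):
        for client in range(clients):
            hit = cache.is_valid(f"user{client}")
            if rnd == 0:
                continue
            if hit:
                hits += 1
            else:
                logins += 1
    return hits, logins


if __name__ == "__main__":
    # 2500 clients as in the report; 1000 is the default cache size it mentions.
    for capacity in (1000, 2499, 2500, 4096):
        hits, logins = simulate(clients=2500, capacity=capacity, rounds=5)
        print(f"capacity={capacity:5d} hits={hits:6d} re-authentications={logins:6d}")
```

Under these assumptions a cache even one entry smaller than the client population never hits, because each entry is evicted just before its owner's next request, so every request reaches the login module.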