[jboss-jira] [JBoss JIRA] (WFLY-6452) Unable to tune 'default' cache as used by JBossCachedAuthenticationManager leading to valid entries being prematurely evicted.
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Apr 1 14:24:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-6452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13185552#comment-13185552 ]
Darran Lofthouse commented on WFLY-6452:
----------------------------------------
Yes the LoginModule should not be called, we should have been able to identify the corresponding entry in the cache used by JBossCachedAuthenticationManager,
> Unable to tune 'default' cache as used by JBossCachedAuthenticationManager leading to valid entries being prematurely evicted.
> ------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-6452
> URL: https://issues.jboss.org/browse/WFLY-6452
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Affects Versions: 10.0.0.Final
> Reporter: Juan AMAT
> Assignee: Darran Lofthouse
>
> While doing some performance testing of our application on Wildfly 10.0.0.Final we noticed a huge difference in CPU utlization version the same test on JBoss EAP 6.4.
> What the test is doing is to run concurrently 2500 clients that log in webapp (FORM bases authentication) and that send a request every 15 seconds on average.
> In JBoss EAP 6.4 cpu utilization was about 10% on a 24 cores machine with one 20G JVM.
> With wildfly it was 95+%.
> Threads dumps showed a lot of threads in the JAAS Login Module.
> We are using org.jboss.security.auth.spi.DatabaseServerLoginModule.
> This was strange because all the users were already authenticated.
> It turns out that in Wildfly JBossCachedAuthenticationManager.isValid is called on every HTTP request. This is not the case in EAP 6.4.
> The problem then is that we have configured the security-domain with 'cache-type=default' which will use a cache with 1000 entries less than the number of our clients.
> The 'isValid' method will try to find the Principal in the cache, will not find it (most of the time) and will trigger an authentication.
> We can workaround this using 'cache-type=infinispan' with a local-cache with more entries. (and this is what I did not set this ticket as blocker).
> But this is just a workaround IMO.
> Why is 'isValid' called on every request in Wildfly?
> On a related note, it would also be nice to be able to configure the number of entries in the cache when using 'cache-type=default'
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list