[jboss-jira] [JBoss JIRA] (WFLY-6452) Unable to tune 'default' cache as used by JBossCachedAuthenticationManager leading to valid entries being prematurely evicted.

Darran Lofthouse (JIRA) issues at jboss.org
Fri Apr 1 14:35:00 EDT 2016 

    [ https://issues.jboss.org/browse/WFLY-6452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13185563#comment-13185563 ] 

Darran Lofthouse commented on WFLY-6452:
----------------------------------------

Yes I do agree that there is an issue that need to be solved otherwise the Jira issue would be closed.

WildFly 10 contains new code, part of that has allowed us to review what we did before so the exact place decisions are made may be altered.  However yes LoginModules being repeatedly called for users that have been recently authenticated is a bad thing.

> Unable to tune 'default' cache as used by JBossCachedAuthenticationManager leading to valid entries being prematurely evicted.
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-6452
>                 URL: https://issues.jboss.org/browse/WFLY-6452
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security, Web (Undertow)
>    Affects Versions: 10.0.0.Final
>            Reporter: Juan AMAT
>            Assignee: Darran Lofthouse
>
> While doing some performance testing of our application on Wildfly 10.0.0.Final we noticed a huge difference in CPU utlization version the same test on JBoss EAP 6.4.
> What the test is doing is to run concurrently 2500 clients that log in webapp (FORM bases authentication) and that send a request every 15 seconds on average.
> In JBoss EAP 6.4 cpu utilization was about 10% on a 24 cores machine with one 20G JVM.
> With wildfly it was 95+%.
> Threads dumps showed a lot of threads in the JAAS Login Module.
> We are using org.jboss.security.auth.spi.DatabaseServerLoginModule.
> This was strange because all the users were already authenticated.
> It turns out that in Wildfly JBossCachedAuthenticationManager.isValid is called on every HTTP request. This is not the case in EAP 6.4.
> The problem then is that we have configured the security-domain with 'cache-type=default' which will use a cache with 1000 entries less than the number of our clients.
> The 'isValid' method will try to find the Principal in the cache, will not find it (most of the time) and will trigger an authentication.
> We can workaround this using 'cache-type=infinispan' with a local-cache with more entries. (and this is what I did not set this ticket as blocker).
> But this is just a workaround IMO.
> Why is 'isValid' called on every request in Wildfly?
> On a related note, it would also be nice to be able to configure the number of entries in the cache when using 'cache-type=default'



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list