[
https://issues.apache.org/jira/browse/ARTEMIS-1884?focusedWorklogId=521453&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-521453
]
ASF GitHub Bot logged work on ARTEMIS-1884:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 07/Dec/20 23:26
Start Date: 07/Dec/20 23:26
Worklog Time Spent: 10m
Work Description: ryeats commented on pull request #3281:
URL: https://github.com/apache/activemq-artemis/pull/3281#issuecomment-740243430
Hacked at the Perf test to try out a few cases. Turns out Roles are stored
in the javax.security.auth.Subject as a "Set" thats really backed by linked
list so they do effect performance which is disappointing. I tried to run the
test in a way that made the worst case take place every time so canAccept
returns true on the 100th role on the 100th consumer.
**Performance Test on a Queue**:
Baseline performance
4743.47 msg/s (250000 messages in 52.70s
Role\Consumers | 1|11|101
------------ | ------------- | ------------- | -------------
2 |56.10s|56.64s|66.37s
11 |57.53s|58.96s|68.48s
101|56.23s|60.53s|84.66s
I also tested against a topic worst case 50 consumers have the role and it
is their 100th role. Had some trouble hitting memory or other system limits on
this one so adjusted the consumers down to avoid that noise but it still wasn't
super consistent.
**Performance Test on a Topic with durability off**:
Baseline Performance
1 consumers 83084.08 msg/s (250000 messages in 3.01s)
10 consumers 21347.45 msg/s (250000 messages in 11.71s)
50 consumers 21396.78 msg/s (250000 messages in 11.68s)
**Performance Test on a Topic**:
Role\Consumers | 1|11|51
------------ | ------------- | ------------- | -------------
2|3.84s|8.16s|13.15s
11|2.49s|12.20s|18.93s
101|3.08s|11.58s|25.01s
The numbers were not super consistent but do seem to show a trend towards a
tradeoff with more consumers and roles. I think there has to be some
expectation of a trade off in performance when doing message level
authentication though. It is disappointing that java's role principles are not
backed by a hash lookup but the number of roles is normally small.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 521453)
Time Spent: 2h (was: 1h 50m)
> ActiveMQ5-like message-level authorization
> ------------------------------------------
>
> Key: ARTEMIS-1884
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1884
> Project: ActiveMQ Artemis
> Issue Type: New Feature
> Components: Broker
> Reporter: Johan Stenberg
> Priority: Major
> Time Spent: 2h
> Remaining Estimate: 0h
>
> In ActiveMQ 5 we have
> [MessageAuthorizationPolicy|https://activemq.apache.org/maven/apidocs/org/apache/activemq/security/MessageAuthorizationPolicy.html].
> We would need a similar feature in Artemis to being able to migrate to it.
> In Artemis exists the
> [ActiveMQServerPlugin#beforeDeliver|https://github.com/apache/activemq-artemis/blob/master/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/ActiveMQServerPlugin.java#L502]
> callback method were we probably could prevent message delivery by throwing
> an exception but using exceptions for flow control feels like a very wrong
> thing to do here.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
