[ https://issues.apache.org/jira/browse/OAK-6818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16253473#comment-16253473 ]
Alex Deparvu commented on OAK-6818: ----------------------------------- [~anchela] I added a benchmark to the existing patch. see WIP branch here [0]. Benchmark results (1k users, no concurrency): {noformat} (threshold = -1, this should be the baseline) Apache Jackrabbit Oak # LoginWithTokensTest C min 10% 50% 90% max N Oak-MemoryNS 1 2 3 4 6 15 13901 Oak-Segment-Tar 1 1 1 2 2 152 29909 (threshold = 1, worst case, cleanup happens after each commit) # LoginWithTokensTest C min 10% 50% 90% max N Oak-MemoryNS 1 2 3 4 6 18 13449 Oak-Segment-Tar 1 1 2 2 3 213 26970 (threshold = 100) # LoginWithTokensTest C min 10% 50% 90% max N Oak-MemoryNS 1 2 3 4 6 12 14084 Oak-Segment-Tar 1 1 2 2 3 156 27405 {noformat} [0] https://github.com/apache/jackrabbit-oak/compare/trunk...stillalex:oak-6818 > TokenAuthentication/TokenProviderImpl: cleanup expired tokens > ------------------------------------------------------------- > > Key: OAK-6818 > URL: https://issues.apache.org/jira/browse/OAK-6818 > Project: Jackrabbit Oak > Issue Type: New Feature > Components: core, security > Reporter: angela > Assignee: angela > Fix For: 1.8 > > Attachments: OAK-6818-osgi-test.patch, OAK-6818.patch > > > During token based authentication a given token node gets removed if it is > found to have expired in the mean time: > Extract from {{TokenAuthentication.validateCredentials(TokenCredentials)}} as > it works today: > {code} > [...] > if (tokenInfo.isExpired(loginTime)) { > tokenInfo.remove(); > return false; > } > [...] > {code} > However, this doesn't cope with those cases where expired tokens are being > left behind without ever being caught by cleanup (e.g. new token issued and > never try to login with expired token). So, this issue is about an extension > that would allow to somehow/somewhen cleanup those tokens during > authentication. In order not to cause extra overhead to the login we should > set a limit (e.g. number of token nodes) that would only trigger the cleanup > every now and then and not doing it all the time. > What also needs to be clarified/investigated: would cleanup only be triggered > in case of a failure? > cc: [~stillalex], [~tmueller], [~chetanm], [~asanso] -- This message was sent by Atlassian JIRA (v6.4.14#64029)