[JBoss-dev] [ jboss-Bugs-974735 ] Slow performance of JaasSecurityManager

2004-12-29 Thread SourceForge.net
Bugs item #974735, was opened at 2004-06-17 06:32
Message generated for change (Comment added) made by starksm
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866

Category: JBossSX
Group: v3.2
Status: Open
Resolution: None
Priority: 5
Submitted By: iprigg (iprigg)
Assigned to: Nobody/Anonymous (nobody)
Summary: Slow performance of JaasSecurityManager

Initial Comment:
I am operating Jboss 3.2.3 on an Athlon XP 1400+ 
machine with 512 MB of RAM running Windows 2000 
server. I am using JDK 1.4.1.I would like to report a bug 
in the jbossSX framework. In fact I don't know if it is 
actually a bug or just an implementation approach, that 
restricts the performance of the framework. I think it is 
the second, but I would like to know, whether it has 
been noticed and If there are plans for changing it.So 
lets continue with the description of the problem:
What I have tried lately to do was to perform some 
benchmark testing of a service access control data 
model I have created. In order to do that I decided to 
use the jbossSX framework for performing access control 
on 200 stateless EJBs. The security data was stored in 
an LDAP server, so I have created 3 login modules that 
perform specific searches in it, retrieving roles and 
assigning them to users. All Login modules were specified 
as required.The benchmark involved thousand of 
invocations of these EJBs (they all belong in the same 
security domain), within a few minutes, through a 
stateless client EJB, using 
the org.jboss.security.ClientLoginModule in order to 
pass the security credentials (username and password) 
to the server. The ldap server contains the credentials 
of 1000 users. So in practice I had 1000 users randomly 
performing calls on the methods provided by 200 
stateless EJBs. Each EJB contained 5 methods, each 
secured with a different role. Generation of invocation 
requests was extremely fast (about 3000 requests in a 3 
minutes period).
What I noticed, straight from the begining was that the 
whole process was extremely slow. For example 3000 
invocations of the secured EJBs (notice that the 
business logic included in the EJB is minimal, just printing 
a string), consumes the following time:
1) if JAAS cache is disabled 50 minutes
2) if JAAS cache is enabled 15 minutes (notice however 
that we have at maximum 1000 security checks the 
same with the total number of users)
Finally I have performed the same invocations without 
specifying a security domain for the EJBs and the testing 
was completed almost with the post of the final request 
(3 minutes).At first I suspected that the delay was due 
to the searches and the actual processing that takes 
place inside the Login Modules. However by measuring 
the actual time of each operation, I found out that less 
than 1% percent of the total execution time is spent 
there.After several tests, I found out that the actual 
problem was imposed by 
the JAASSecurityManager.class and speciffically its 
boolean method isValid(Principal principal, Object 
credential, Subject activeSubject), which is defined as 
synchronized. This results to all execution threads 
freezing upon accessing the method and ceasing their 
execution for very large periods of time. The more the 
threads accessing the class the more the experienced 
delay.
Is that something that would be taken care in the 
future? or it just needs to be done on this way, so no 
possible solution is foreseen?

--

Comment By: Scott M Stark (starksm)
Date: 2004-12-29 12:52

Message:
Logged In: YES 
user_id=175228

All issues have been moved to http://jira.jboss.com. Existing
issues have been moved. New issues will be closed with this
canned reponse.

--

Comment By: iprigg (iprigg)
Date: 2004-06-18 09:31

Message:
Logged In: YES 
user_id=1065443

Indeed, I have tested the case you mention, removing the 
synchronized keyword. Of course, as you mention the 
functionality is not correct as, different threads are accessing 
different security contexts, resulting to a hell of exceptions.
Here is my report:
1) Time for serving all requests is not significantly improved: a 
few minutes only, though this may be due to the random way 
requests are generated.  

2) However, what has been significantly improved is the 
serving time as experienced by the service itself (service 
time=the period from the time the invocation of the EJB is 
performed until the result is returned)
To be more specific when the synchronized keyword is 
present, and while requests are kept coming to the jboss 
system, each new request waits on the JaasSecurityManager, 
for a continuously increasing period. This wait is so long that 
after a certain period of high load (about 10 minutes), existing 
transactions start to rollback, (there is a default transaction 
timeout period of 

[JBoss-dev] [ jboss-Bugs-974735 ] Slow performance of JaasSecurityManager

2004-06-18 Thread SourceForge.net
Bugs item #974735, was opened at 2004-06-17 16:32
Message generated for change (Comment added) made by iprigg
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866

Category: JBossSX
Group: v3.2
Status: Open
Resolution: None
Priority: 5
Submitted By: iprigg (iprigg)
Assigned to: Nobody/Anonymous (nobody)
Summary: Slow performance of JaasSecurityManager

Initial Comment:
I am operating Jboss 3.2.3 on an Athlon XP 1400+ 
machine with 512 MB of RAM running Windows 2000 
server. I am using JDK 1.4.1.I would like to report a bug 
in the jbossSX framework. In fact I don't know if it is 
actually a bug or just an implementation approach, that 
restricts the performance of the framework. I think it is 
the second, but I would like to know, whether it has 
been noticed and If there are plans for changing it.So 
lets continue with the description of the problem:
What I have tried lately to do was to perform some 
benchmark testing of a service access control data 
model I have created. In order to do that I decided to 
use the jbossSX framework for performing access control 
on 200 stateless EJBs. The security data was stored in 
an LDAP server, so I have created 3 login modules that 
perform specific searches in it, retrieving roles and 
assigning them to users. All Login modules were specified 
as required.The benchmark involved thousand of 
invocations of these EJBs (they all belong in the same 
security domain), within a few minutes, through a 
stateless client EJB, using 
the org.jboss.security.ClientLoginModule in order to 
pass the security credentials (username and password) 
to the server. The ldap server contains the credentials 
of 1000 users. So in practice I had 1000 users randomly 
performing calls on the methods provided by 200 
stateless EJBs. Each EJB contained 5 methods, each 
secured with a different role. Generation of invocation 
requests was extremely fast (about 3000 requests in a 3 
minutes period).
What I noticed, straight from the begining was that the 
whole process was extremely slow. For example 3000 
invocations of the secured EJBs (notice that the 
business logic included in the EJB is minimal, just printing 
a string), consumes the following time:
1) if JAAS cache is disabled 50 minutes
2) if JAAS cache is enabled 15 minutes (notice however 
that we have at maximum 1000 security checks the 
same with the total number of users)
Finally I have performed the same invocations without 
specifying a security domain for the EJBs and the testing 
was completed almost with the post of the final request 
(3 minutes).At first I suspected that the delay was due 
to the searches and the actual processing that takes 
place inside the Login Modules. However by measuring 
the actual time of each operation, I found out that less 
than 1% percent of the total execution time is spent 
there.After several tests, I found out that the actual 
problem was imposed by 
the JAASSecurityManager.class and speciffically its 
boolean method isValid(Principal principal, Object 
credential, Subject activeSubject), which is defined as 
synchronized. This results to all execution threads 
freezing upon accessing the method and ceasing their 
execution for very large periods of time. The more the 
threads accessing the class the more the experienced 
delay.
Is that something that would be taken care in the 
future? or it just needs to be done on this way, so no 
possible solution is foreseen?

--

Comment By: iprigg (iprigg)
Date: 2004-06-18 19:31

Message:
Logged In: YES 
user_id=1065443

Indeed, I have tested the case you mention, removing the 
synchronized keyword. Of course, as you mention the 
functionality is not correct as, different threads are accessing 
different security contexts, resulting to a hell of exceptions.
Here is my report:
1) Time for serving all requests is not significantly improved: a 
few minutes only, though this may be due to the random way 
requests are generated.  

2) However, what has been significantly improved is the 
serving time as experienced by the service itself (service 
time=the period from the time the invocation of the EJB is 
performed until the result is returned)
To be more specific when the synchronized keyword is 
present, and while requests are kept coming to the jboss 
system, each new request waits on the JaasSecurityManager, 
for a continuously increasing period. This wait is so long that 
after a certain period of high load (about 10 minutes), existing 
transactions start to rollback, (there is a default transaction 
timeout period of 300 secs, configurable from the transaction 
Manager service). So I had to increase the timeout period to 
3000 secs in order for my application to run properly. The 
measurements I took indicate that each request takes about 
250 secs (mean service time) in order to be 
completed.Corresponding max time is above 

[JBoss-dev] [ jboss-Bugs-974735 ] Slow performance of JaasSecurityManager

2004-06-17 Thread SourceForge.net
Bugs item #974735, was opened at 2004-06-17 16:32
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866

Category: JBossSX
Group: v3.2
Status: Open
Resolution: None
Priority: 5
Submitted By: iprigg (iprigg)
Assigned to: Nobody/Anonymous (nobody)
Summary: Slow performance of JaasSecurityManager

Initial Comment:
I am operating Jboss 3.2.3 on an Athlon XP 1400+ 
machine with 512 MB of RAM running Windows 2000 
server. I am using JDK 1.4.1.I would like to report a bug 
in the jbossSX framework. In fact I don't know if it is 
actually a bug or just an implementation approach, that 
restricts the performance of the framework. I think it is 
the second, but I would like to know, whether it has 
been noticed and If there are plans for changing it.So 
lets continue with the description of the problem:
What I have tried lately to do was to perform some 
benchmark testing of a service access control data 
model I have created. In order to do that I decided to 
use the jbossSX framework for performing access control 
on 200 stateless EJBs. The security data was stored in 
an LDAP server, so I have created 3 login modules that 
perform specific searches in it, retrieving roles and 
assigning them to users. All Login modules were specified 
as required.The benchmark involved thousand of 
invocations of these EJBs (they all belong in the same 
security domain), within a few minutes, through a 
stateless client EJB, using 
the org.jboss.security.ClientLoginModule in order to 
pass the security credentials (username and password) 
to the server. The ldap server contains the credentials 
of 1000 users. So in practice I had 1000 users randomly 
performing calls on the methods provided by 200 
stateless EJBs. Each EJB contained 5 methods, each 
secured with a different role. Generation of invocation 
requests was extremely fast (about 3000 requests in a 3 
minutes period).
What I noticed, straight from the begining was that the 
whole process was extremely slow. For example 3000 
invocations of the secured EJBs (notice that the 
business logic included in the EJB is minimal, just printing 
a string), consumes the following time:
1) if JAAS cache is disabled 50 minutes
2) if JAAS cache is enabled 15 minutes (notice however 
that we have at maximum 1000 security checks the 
same with the total number of users)
Finally I have performed the same invocations without 
specifying a security domain for the EJBs and the testing 
was completed almost with the post of the final request 
(3 minutes).At first I suspected that the delay was due 
to the searches and the actual processing that takes 
place inside the Login Modules. However by measuring 
the actual time of each operation, I found out that less 
than 1% percent of the total execution time is spent 
there.After several tests, I found out that the actual 
problem was imposed by 
the JAASSecurityManager.class and speciffically its 
boolean method isValid(Principal principal, Object 
credential, Subject activeSubject), which is defined as 
synchronized. This results to all execution threads 
freezing upon accessing the method and ceasing their 
execution for very large periods of time. The more the 
threads accessing the class the more the experienced 
delay.
Is that something that would be taken care in the 
future? or it just needs to be done on this way, so no 
possible solution is foreseen?

--

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866


---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development


[JBoss-dev] [ jboss-Bugs-974735 ] Slow performance of JaasSecurityManager

2004-06-17 Thread SourceForge.net
Bugs item #974735, was opened at 2004-06-17 15:32
Message generated for change (Comment added) made by slaboure
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866

Category: JBossSX
Group: v3.2
Status: Open
Resolution: None
Priority: 5
Submitted By: iprigg (iprigg)
Assigned to: Nobody/Anonymous (nobody)
Summary: Slow performance of JaasSecurityManager

Initial Comment:
I am operating Jboss 3.2.3 on an Athlon XP 1400+ 
machine with 512 MB of RAM running Windows 2000 
server. I am using JDK 1.4.1.I would like to report a bug 
in the jbossSX framework. In fact I don't know if it is 
actually a bug or just an implementation approach, that 
restricts the performance of the framework. I think it is 
the second, but I would like to know, whether it has 
been noticed and If there are plans for changing it.So 
lets continue with the description of the problem:
What I have tried lately to do was to perform some 
benchmark testing of a service access control data 
model I have created. In order to do that I decided to 
use the jbossSX framework for performing access control 
on 200 stateless EJBs. The security data was stored in 
an LDAP server, so I have created 3 login modules that 
perform specific searches in it, retrieving roles and 
assigning them to users. All Login modules were specified 
as required.The benchmark involved thousand of 
invocations of these EJBs (they all belong in the same 
security domain), within a few minutes, through a 
stateless client EJB, using 
the org.jboss.security.ClientLoginModule in order to 
pass the security credentials (username and password) 
to the server. The ldap server contains the credentials 
of 1000 users. So in practice I had 1000 users randomly 
performing calls on the methods provided by 200 
stateless EJBs. Each EJB contained 5 methods, each 
secured with a different role. Generation of invocation 
requests was extremely fast (about 3000 requests in a 3 
minutes period).
What I noticed, straight from the begining was that the 
whole process was extremely slow. For example 3000 
invocations of the secured EJBs (notice that the 
business logic included in the EJB is minimal, just printing 
a string), consumes the following time:
1) if JAAS cache is disabled 50 minutes
2) if JAAS cache is enabled 15 minutes (notice however 
that we have at maximum 1000 security checks the 
same with the total number of users)
Finally I have performed the same invocations without 
specifying a security domain for the EJBs and the testing 
was completed almost with the post of the final request 
(3 minutes).At first I suspected that the delay was due 
to the searches and the actual processing that takes 
place inside the Login Modules. However by measuring 
the actual time of each operation, I found out that less 
than 1% percent of the total execution time is spent 
there.After several tests, I found out that the actual 
problem was imposed by 
the JAASSecurityManager.class and speciffically its 
boolean method isValid(Principal principal, Object 
credential, Subject activeSubject), which is defined as 
synchronized. This results to all execution threads 
freezing upon accessing the method and ceasing their 
execution for very large periods of time. The more the 
threads accessing the class the more the experienced 
delay.
Is that something that would be taken care in the 
future? or it just needs to be done on this way, so no 
possible solution is foreseen?

--

Comment By: Sacha Labourey (slaboure)
Date: 2004-06-17 19:33

Message:
Logged In: YES 
user_id=95900

to make sure that is the problem, could you please:
 - remove the synchronized keyword
 - recompile jboss
 - test

the behaviour would not be strictly correct from a security 
standpoint but would at least be the proof that this is indeed 
the point of contention and the size of it.

Cheers,


sacha

--

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866


---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development