[JBoss-dev] [ jboss-Bugs-974735 ] Slow performance of JaasSecurityManager
Bugs item #974735, was opened at 2004-06-17 06:32 Message generated for change (Comment added) made by starksm You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866 Category: JBossSX Group: v3.2 Status: Open Resolution: None Priority: 5 Submitted By: iprigg (iprigg) Assigned to: Nobody/Anonymous (nobody) Summary: Slow performance of JaasSecurityManager Initial Comment: I am operating Jboss 3.2.3 on an Athlon XP 1400+ machine with 512 MB of RAM running Windows 2000 server. I am using JDK 1.4.1.I would like to report a bug in the jbossSX framework. In fact I don't know if it is actually a bug or just an implementation approach, that restricts the performance of the framework. I think it is the second, but I would like to know, whether it has been noticed and If there are plans for changing it.So lets continue with the description of the problem: What I have tried lately to do was to perform some benchmark testing of a service access control data model I have created. In order to do that I decided to use the jbossSX framework for performing access control on 200 stateless EJBs. The security data was stored in an LDAP server, so I have created 3 login modules that perform specific searches in it, retrieving roles and assigning them to users. All Login modules were specified as required.The benchmark involved thousand of invocations of these EJBs (they all belong in the same security domain), within a few minutes, through a stateless client EJB, using the org.jboss.security.ClientLoginModule in order to pass the security credentials (username and password) to the server. The ldap server contains the credentials of 1000 users. So in practice I had 1000 users randomly performing calls on the methods provided by 200 stateless EJBs. Each EJB contained 5 methods, each secured with a different role. Generation of invocation requests was extremely fast (about 3000 requests in a 3 minutes period). What I noticed, straight from the begining was that the whole process was extremely slow. For example 3000 invocations of the secured EJBs (notice that the business logic included in the EJB is minimal, just printing a string), consumes the following time: 1) if JAAS cache is disabled 50 minutes 2) if JAAS cache is enabled 15 minutes (notice however that we have at maximum 1000 security checks the same with the total number of users) Finally I have performed the same invocations without specifying a security domain for the EJBs and the testing was completed almost with the post of the final request (3 minutes).At first I suspected that the delay was due to the searches and the actual processing that takes place inside the Login Modules. However by measuring the actual time of each operation, I found out that less than 1% percent of the total execution time is spent there.After several tests, I found out that the actual problem was imposed by the JAASSecurityManager.class and speciffically its boolean method isValid(Principal principal, Object credential, Subject activeSubject), which is defined as synchronized. This results to all execution threads freezing upon accessing the method and ceasing their execution for very large periods of time. The more the threads accessing the class the more the experienced delay. Is that something that would be taken care in the future? or it just needs to be done on this way, so no possible solution is foreseen? -- Comment By: Scott M Stark (starksm) Date: 2004-12-29 12:52 Message: Logged In: YES user_id=175228 All issues have been moved to http://jira.jboss.com. Existing issues have been moved. New issues will be closed with this canned reponse. -- Comment By: iprigg (iprigg) Date: 2004-06-18 09:31 Message: Logged In: YES user_id=1065443 Indeed, I have tested the case you mention, removing the synchronized keyword. Of course, as you mention the functionality is not correct as, different threads are accessing different security contexts, resulting to a hell of exceptions. Here is my report: 1) Time for serving all requests is not significantly improved: a few minutes only, though this may be due to the random way requests are generated. 2) However, what has been significantly improved is the serving time as experienced by the service itself (service time=the period from the time the invocation of the EJB is performed until the result is returned) To be more specific when the synchronized keyword is present, and while requests are kept coming to the jboss system, each new request waits on the JaasSecurityManager, for a continuously increasing period. This wait is so long that after a certain period of high load (about 10 minutes), existing transactions start to rollback, (there is a default transaction timeout period of
[JBoss-dev] [ jboss-Bugs-974735 ] Slow performance of JaasSecurityManager
Bugs item #974735, was opened at 2004-06-17 16:32 Message generated for change (Comment added) made by iprigg You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866 Category: JBossSX Group: v3.2 Status: Open Resolution: None Priority: 5 Submitted By: iprigg (iprigg) Assigned to: Nobody/Anonymous (nobody) Summary: Slow performance of JaasSecurityManager Initial Comment: I am operating Jboss 3.2.3 on an Athlon XP 1400+ machine with 512 MB of RAM running Windows 2000 server. I am using JDK 1.4.1.I would like to report a bug in the jbossSX framework. In fact I don't know if it is actually a bug or just an implementation approach, that restricts the performance of the framework. I think it is the second, but I would like to know, whether it has been noticed and If there are plans for changing it.So lets continue with the description of the problem: What I have tried lately to do was to perform some benchmark testing of a service access control data model I have created. In order to do that I decided to use the jbossSX framework for performing access control on 200 stateless EJBs. The security data was stored in an LDAP server, so I have created 3 login modules that perform specific searches in it, retrieving roles and assigning them to users. All Login modules were specified as required.The benchmark involved thousand of invocations of these EJBs (they all belong in the same security domain), within a few minutes, through a stateless client EJB, using the org.jboss.security.ClientLoginModule in order to pass the security credentials (username and password) to the server. The ldap server contains the credentials of 1000 users. So in practice I had 1000 users randomly performing calls on the methods provided by 200 stateless EJBs. Each EJB contained 5 methods, each secured with a different role. Generation of invocation requests was extremely fast (about 3000 requests in a 3 minutes period). What I noticed, straight from the begining was that the whole process was extremely slow. For example 3000 invocations of the secured EJBs (notice that the business logic included in the EJB is minimal, just printing a string), consumes the following time: 1) if JAAS cache is disabled 50 minutes 2) if JAAS cache is enabled 15 minutes (notice however that we have at maximum 1000 security checks the same with the total number of users) Finally I have performed the same invocations without specifying a security domain for the EJBs and the testing was completed almost with the post of the final request (3 minutes).At first I suspected that the delay was due to the searches and the actual processing that takes place inside the Login Modules. However by measuring the actual time of each operation, I found out that less than 1% percent of the total execution time is spent there.After several tests, I found out that the actual problem was imposed by the JAASSecurityManager.class and speciffically its boolean method isValid(Principal principal, Object credential, Subject activeSubject), which is defined as synchronized. This results to all execution threads freezing upon accessing the method and ceasing their execution for very large periods of time. The more the threads accessing the class the more the experienced delay. Is that something that would be taken care in the future? or it just needs to be done on this way, so no possible solution is foreseen? -- Comment By: iprigg (iprigg) Date: 2004-06-18 19:31 Message: Logged In: YES user_id=1065443 Indeed, I have tested the case you mention, removing the synchronized keyword. Of course, as you mention the functionality is not correct as, different threads are accessing different security contexts, resulting to a hell of exceptions. Here is my report: 1) Time for serving all requests is not significantly improved: a few minutes only, though this may be due to the random way requests are generated. 2) However, what has been significantly improved is the serving time as experienced by the service itself (service time=the period from the time the invocation of the EJB is performed until the result is returned) To be more specific when the synchronized keyword is present, and while requests are kept coming to the jboss system, each new request waits on the JaasSecurityManager, for a continuously increasing period. This wait is so long that after a certain period of high load (about 10 minutes), existing transactions start to rollback, (there is a default transaction timeout period of 300 secs, configurable from the transaction Manager service). So I had to increase the timeout period to 3000 secs in order for my application to run properly. The measurements I took indicate that each request takes about 250 secs (mean service time) in order to be completed.Corresponding max time is above
[JBoss-dev] [ jboss-Bugs-974735 ] Slow performance of JaasSecurityManager
Bugs item #974735, was opened at 2004-06-17 16:32 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866 Category: JBossSX Group: v3.2 Status: Open Resolution: None Priority: 5 Submitted By: iprigg (iprigg) Assigned to: Nobody/Anonymous (nobody) Summary: Slow performance of JaasSecurityManager Initial Comment: I am operating Jboss 3.2.3 on an Athlon XP 1400+ machine with 512 MB of RAM running Windows 2000 server. I am using JDK 1.4.1.I would like to report a bug in the jbossSX framework. In fact I don't know if it is actually a bug or just an implementation approach, that restricts the performance of the framework. I think it is the second, but I would like to know, whether it has been noticed and If there are plans for changing it.So lets continue with the description of the problem: What I have tried lately to do was to perform some benchmark testing of a service access control data model I have created. In order to do that I decided to use the jbossSX framework for performing access control on 200 stateless EJBs. The security data was stored in an LDAP server, so I have created 3 login modules that perform specific searches in it, retrieving roles and assigning them to users. All Login modules were specified as required.The benchmark involved thousand of invocations of these EJBs (they all belong in the same security domain), within a few minutes, through a stateless client EJB, using the org.jboss.security.ClientLoginModule in order to pass the security credentials (username and password) to the server. The ldap server contains the credentials of 1000 users. So in practice I had 1000 users randomly performing calls on the methods provided by 200 stateless EJBs. Each EJB contained 5 methods, each secured with a different role. Generation of invocation requests was extremely fast (about 3000 requests in a 3 minutes period). What I noticed, straight from the begining was that the whole process was extremely slow. For example 3000 invocations of the secured EJBs (notice that the business logic included in the EJB is minimal, just printing a string), consumes the following time: 1) if JAAS cache is disabled 50 minutes 2) if JAAS cache is enabled 15 minutes (notice however that we have at maximum 1000 security checks the same with the total number of users) Finally I have performed the same invocations without specifying a security domain for the EJBs and the testing was completed almost with the post of the final request (3 minutes).At first I suspected that the delay was due to the searches and the actual processing that takes place inside the Login Modules. However by measuring the actual time of each operation, I found out that less than 1% percent of the total execution time is spent there.After several tests, I found out that the actual problem was imposed by the JAASSecurityManager.class and speciffically its boolean method isValid(Principal principal, Object credential, Subject activeSubject), which is defined as synchronized. This results to all execution threads freezing upon accessing the method and ceasing their execution for very large periods of time. The more the threads accessing the class the more the experienced delay. Is that something that would be taken care in the future? or it just needs to be done on this way, so no possible solution is foreseen? -- You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866 --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] [ jboss-Bugs-974735 ] Slow performance of JaasSecurityManager
Bugs item #974735, was opened at 2004-06-17 15:32 Message generated for change (Comment added) made by slaboure You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866 Category: JBossSX Group: v3.2 Status: Open Resolution: None Priority: 5 Submitted By: iprigg (iprigg) Assigned to: Nobody/Anonymous (nobody) Summary: Slow performance of JaasSecurityManager Initial Comment: I am operating Jboss 3.2.3 on an Athlon XP 1400+ machine with 512 MB of RAM running Windows 2000 server. I am using JDK 1.4.1.I would like to report a bug in the jbossSX framework. In fact I don't know if it is actually a bug or just an implementation approach, that restricts the performance of the framework. I think it is the second, but I would like to know, whether it has been noticed and If there are plans for changing it.So lets continue with the description of the problem: What I have tried lately to do was to perform some benchmark testing of a service access control data model I have created. In order to do that I decided to use the jbossSX framework for performing access control on 200 stateless EJBs. The security data was stored in an LDAP server, so I have created 3 login modules that perform specific searches in it, retrieving roles and assigning them to users. All Login modules were specified as required.The benchmark involved thousand of invocations of these EJBs (they all belong in the same security domain), within a few minutes, through a stateless client EJB, using the org.jboss.security.ClientLoginModule in order to pass the security credentials (username and password) to the server. The ldap server contains the credentials of 1000 users. So in practice I had 1000 users randomly performing calls on the methods provided by 200 stateless EJBs. Each EJB contained 5 methods, each secured with a different role. Generation of invocation requests was extremely fast (about 3000 requests in a 3 minutes period). What I noticed, straight from the begining was that the whole process was extremely slow. For example 3000 invocations of the secured EJBs (notice that the business logic included in the EJB is minimal, just printing a string), consumes the following time: 1) if JAAS cache is disabled 50 minutes 2) if JAAS cache is enabled 15 minutes (notice however that we have at maximum 1000 security checks the same with the total number of users) Finally I have performed the same invocations without specifying a security domain for the EJBs and the testing was completed almost with the post of the final request (3 minutes).At first I suspected that the delay was due to the searches and the actual processing that takes place inside the Login Modules. However by measuring the actual time of each operation, I found out that less than 1% percent of the total execution time is spent there.After several tests, I found out that the actual problem was imposed by the JAASSecurityManager.class and speciffically its boolean method isValid(Principal principal, Object credential, Subject activeSubject), which is defined as synchronized. This results to all execution threads freezing upon accessing the method and ceasing their execution for very large periods of time. The more the threads accessing the class the more the experienced delay. Is that something that would be taken care in the future? or it just needs to be done on this way, so no possible solution is foreseen? -- Comment By: Sacha Labourey (slaboure) Date: 2004-06-17 19:33 Message: Logged In: YES user_id=95900 to make sure that is the problem, could you please: - remove the synchronized keyword - recompile jboss - test the behaviour would not be strictly correct from a security standpoint but would at least be the proof that this is indeed the point of contention and the size of it. Cheers, sacha -- You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=376685aid=974735group_id=22866 --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development