Slow LoginContext.login() due to repeated ServiceLoader lookups

[Florent Guillaume]

Hi,

When switching from Java 8 to Java 11, we're experiencing an important
slowdown when executing LoginContext.login(), especially under concurrency.

We tracked this down to JDK-8047789 which changed the way the lookup of
LoginModules is done in LoginContext.invoke. Previously, it was a
simple Class.forName that is of course extremely optimized.
After JDK-8047789, there is first a ServiceLoader-based lookup for the
class. This lookup doesn't seem to be cached. In our case, it has to open
the 400+ JARs in our classpath (we're not using modules yet) to check the
content of META-INF/services/javax.security.auth.spi.LoginModule, and in
addition this hits a synchronized block in ZipFile.getEntry which prevents
any performance under concurrency.

Is there anything we can do to improve LoginContext.login() in this context?

For reference, the code path to the synchronized block:
at java.util.zip.ZipFile.getEntry(java.base@11.0.4/ZipFile.java:346)
- locked <0x000000068b18bdd0> (a java.util.jar.JarFile)
at java.util.zip.ZipFile$1.getEntry(java.base@11.0.4/ZipFile.java:1121)
at java.util.jar.JarFile.getEntry0(java.base@11.0.4/JarFile.java:576)
at java.util.jar.JarFile.getEntry(java.base@11.0.4/JarFile.java:506)
at java.util.jar.JarFile.getJarEntry(java.base@11.0.4/JarFile.java:468)
at jdk.internal.loader.URLClassPath$JarLoader.getResource(java.base@11.0.4
/URLClassPath.java:929)
at jdk.internal.loader.URLClassPath$JarLoader.findResource(java.base@11.0.4
/URLClassPath.java:912)
at jdk.internal.loader.URLClassPath$1.next(java.base@11.0.4
/URLClassPath.java:341)
at jdk.internal.loader.URLClassPath$1.hasMoreElements(java.base@11.0.4
/URLClassPath.java:351)
at java.net.URLClassLoader$3$1.run(java.base@11.0.4/URLClassLoader.java:687)
at java.net.URLClassLoader$3$1.run(java.base@11.0.4/URLClassLoader.java:685)
at java.security.AccessController.doPrivileged(java.base@11.0.4/Native
Method)
at java.net.URLClassLoader$3.next(java.base@11.0.4/URLClassLoader.java:684)
at java.net.URLClassLoader$3.hasMoreElements(java.base@11.0.4
/URLClassLoader.java:709)
at java.lang.CompoundEnumeration.next(java.base@11.0.4
/ClassLoader.java:3022)
at java.lang.CompoundEnumeration.hasMoreElements(java.base@11.0.4
/ClassLoader.java:3031)
at
org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.inc(WebappClassLoaderBase.java:2670)
at
org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.hasMoreElements(WebappClassLoaderBase.java:2655)
at
java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(java.base@11.0.4
/ServiceLoader.java:1202)
at
java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(java.base@11.0.4
/ServiceLoader.java:1220)
at
java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(java.base@11.0.4
/ServiceLoader.java:1264)
at java.util.ServiceLoader$2.hasNext(java.base@11.0.4
/ServiceLoader.java:1299)
at java.util.ServiceLoader$3.hasNext(java.base@11.0.4
/ServiceLoader.java:1384)
at javax.security.auth.login.LoginContext.invoke(java.base@11.0.4
/LoginContext.java:691)
at javax.security.auth.login.LoginContext$4.run(java.base@11.0.4
/LoginContext.java:665)
at javax.security.auth.login.LoginContext$4.run(java.base@11.0.4
/LoginContext.java:663)
at java.security.AccessController.doPrivileged(java.base@11.0.4/Native
Method)
at javax.security.auth.login.LoginContext.invokePriv(java.base@11.0.4
/LoginContext.java:663)
at javax.security.auth.login.LoginContext.login(java.base@11.0.4
/LoginContext.java:574)

Thanks,

Florent

-- 
[image: Nuxeo Logo] <https://www.nuxeo.com/>

Florent Guillaume  Head of R&D  [image: LinkedIn]
<https://www.linkedin.com/in/fguillaume/> [image: Twitter]
<https://twitter.com/efge> [image: Github] <https://github.com/efge>

Nuxeo Content Services Platform. Stay ahead.