Re: Slow LoginContext.login() due to repeated ServiceLoader lookups

[Seán Coffey]

Probably best to log a bug to capture this issue.

It reminds me of another issue I've been meaning to wrap up:
https://bugs.openjdk.java.net/browse/JDK-8223260
Similar scenario in how the ContextFactory is searched for. My proposed
patch is to cache a factory per classloader (for the NamingManager issue 
at least)

regards,
Sean.

On 27/08/2019 16:16, Florent Guillaume wrote:
Hi,

When switching from Java 8 to Java 11, we're experiencing an important 
slowdown when executing LoginContext.login(), especially under 
concurrency.

We tracked this down to JDK-8047789 which changed the way the lookup 
of LoginModules is done in LoginContext.invoke. Previously, it was a 
simple Class.forName that is of course extremely optimized. 
After JDK-8047789, there is first a ServiceLoader-based lookup for the 
class. This lookup doesn't seem to be cached. In our case, it has to 
open the 400+ JARs in our classpath (we're not using modules yet) to 
check the content 
of META-INF/services/javax.security.auth.spi.LoginModule, and in 
addition this hits a synchronized block in ZipFile.getEntry which 
prevents any performance under concurrency.

Is there anything we can do to improve LoginContext.login() in this 
context?

For reference, the code path to the synchronized block:
at java.util.zip.ZipFile.getEntry(java.base@11.0.4/ZipFile.java:346)
- locked <0x000000068b18bdd0> (a java.util.jar.JarFile)
at java.util.zip.ZipFile$1.getEntry(java.base@11.0.4/ZipFile.java:1121)
at java.util.jar.JarFile.getEntry0(java.base@11.0.4/JarFile.java:576)
at java.util.jar.JarFile.getEntry(java.base@11.0.4/JarFile.java:506)
at java.util.jar.JarFile.getJarEntry(java.base@11.0.4/JarFile.java:468)
at 
jdk.internal.loader.URLClassPath$JarLoader.getResource(java.base@11.0.4/URLClassPath.java:929)
at 
jdk.internal.loader.URLClassPath$JarLoader.findResource(java.base@11.0.4/URLClassPath.java:912)
at 
jdk.internal.loader.URLClassPath$1.next(java.base@11.0.4/URLClassPath.java:341)
at 
jdk.internal.loader.URLClassPath$1.hasMoreElements(java.base@11.0.4/URLClassPath.java:351)
at 
java.net.URLClassLoader$3$1.run(java.base@11.0.4/URLClassLoader.java:687)
at 
java.net.URLClassLoader$3$1.run(java.base@11.0.4/URLClassLoader.java:685)
at java.security.AccessController.doPrivileged(java.base@11.0.4/Native 
Method)
at 
java.net.URLClassLoader$3.next(java.base@11.0.4/URLClassLoader.java:684)
at 
java.net.URLClassLoader$3.hasMoreElements(java.base@11.0.4/URLClassLoader.java:709)
at 
java.lang.CompoundEnumeration.next(java.base@11.0.4/ClassLoader.java:3022)
at 
java.lang.CompoundEnumeration.hasMoreElements(java.base@11.0.4/ClassLoader.java:3031)
at 
org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.inc(WebappClassLoaderBase.java:2670)
at 
org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.hasMoreElements(WebappClassLoaderBase.java:2655)
at 
java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(java.base@11.0.4/ServiceLoader.java:1202)
at 
java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(java.base@11.0.4/ServiceLoader.java:1220)
at 
java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(java.base@11.0.4/ServiceLoader.java:1264)
at 
java.util.ServiceLoader$2.hasNext(java.base@11.0.4/ServiceLoader.java:1299)
at 
java.util.ServiceLoader$3.hasNext(java.base@11.0.4/ServiceLoader.java:1384)
at 
javax.security.auth.login.LoginContext.invoke(java.base@11.0.4/LoginContext.java:691)
at 
javax.security.auth.login.LoginContext$4.run(java.base@11.0.4/LoginContext.java:665)
at 
javax.security.auth.login.LoginContext$4.run(java.base@11.0.4/LoginContext.java:663)
at java.security.AccessController.doPrivileged(java.base@11.0.4/Native 
Method)
at 
javax.security.auth.login.LoginContext.invokePriv(java.base@11.0.4/LoginContext.java:663)
at 
javax.security.auth.login.LoginContext.login(java.base@11.0.4/LoginContext.java:574)

Thanks,

Florent

--
Nuxeo Logo <https://www.nuxeo.com/>       

Florent Guillaume  Head of R&D LinkedIn 
<https://www.linkedin.com/in/fguillaume/> Twitter 
<https://twitter.com/efge> Github <https://github.com/efge>

Nuxeo Content Services Platform. Stay ahead.