Slow LoginContext.login() due to repeated ServiceLoader lookups

Tue Aug 27 15:16:58 UTC 2019

Hi,

When switching from Java 8 to Java 11, we're experiencing an important
slowdown when executing LoginContext.login(), especially under concurrency.

We tracked this down to JDK-8047789 which changed the way the lookup of
LoginModules is done in LoginContext.invoke. Previously, it was a
simple Class.forName that is of course extremely optimized.
After JDK-8047789, there is first a ServiceLoader-based lookup for the
class. This lookup doesn't seem to be cached. In our case, it has to open
the 400+ JARs in our classpath (we're not using modules yet) to check the
content of META-INF/services/javax.security.auth.spi.LoginModule, and in
addition this hits a synchronized block in ZipFile.getEntry which prevents
any performance under concurrency.

Is there anything we can do to improve LoginContext.login() in this context?

For reference, the code path to the synchronized block:
at java.util.zip.ZipFile.getEntry(java.base at 11.0.4/ZipFile.java:346)
- locked <0x000000068b18bdd0> (a java.util.jar.JarFile)
at java.util.zip.ZipFile$1.getEntry(java.base at 11.0.4/ZipFile.java:1121)
at java.util.jar.JarFile.getEntry0(java.base at 11.0.4/JarFile.java:576)
at java.util.jar.JarFile.getEntry(java.base at 11.0.4/JarFile.java:506)
at java.util.jar.JarFile.getJarEntry(java.base at 11.0.4/JarFile.java:468)
at jdk.internal.loader.URLClassPath$JarLoader.getResource(java.base at 11.0.4
/URLClassPath.java:929)
at jdk.internal.loader.URLClassPath$JarLoader.findResource(java.base at 11.0.4
/URLClassPath.java:912)
at jdk.internal.loader.URLClassPath$1.next(java.base at 11.0.4
/URLClassPath.java:341)
at jdk.internal.loader.URLClassPath$1.hasMoreElements(java.base at 11.0.4
/URLClassPath.java:351)
at java.net.URLClassLoader$3$1.run(java.base at 11.0.4/URLClassLoader.java:687)
at java.net.URLClassLoader$3$1.run(java.base at 11.0.4/URLClassLoader.java:685)
at java.security.AccessController.doPrivileged(java.base at 11.0.4/Native
Method)
at java.net.URLClassLoader$3.next(java.base at 11.0.4/URLClassLoader.java:684)
at java.net.URLClassLoader$3.hasMoreElements(java.base at 11.0.4
/URLClassLoader.java:709)
at java.lang.CompoundEnumeration.next(java.base at 11.0.4
/ClassLoader.java:3022)
at java.lang.CompoundEnumeration.hasMoreElements(java.base at 11.0.4
/ClassLoader.java:3031)
at
org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.inc(WebappClassLoaderBase.java:2670)
at
org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.hasMoreElements(WebappClassLoaderBase.java:2655)
at
java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(java.base at 11.0.4
/ServiceLoader.java:1202)
at
java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(java.base at 11.0.4
/ServiceLoader.java:1220)
at
java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(java.base at 11.0.4
/ServiceLoader.java:1264)
at java.util.ServiceLoader$2.hasNext(java.base at 11.0.4
/ServiceLoader.java:1299)
at java.util.ServiceLoader$3.hasNext(java.base at 11.0.4
/ServiceLoader.java:1384)
at javax.security.auth.login.LoginContext.invoke(java.base at 11.0.4
/LoginContext.java:691)
at javax.security.auth.login.LoginContext$4.run(java.base at 11.0.4
/LoginContext.java:665)
at javax.security.auth.login.LoginContext$4.run(java.base at 11.0.4
/LoginContext.java:663)
at java.security.AccessController.doPrivileged(java.base at 11.0.4/Native
Method)
at javax.security.auth.login.LoginContext.invokePriv(java.base at 11.0.4
/LoginContext.java:663)
at javax.security.auth.login.LoginContext.login(java.base at 11.0.4
/LoginContext.java:574)

Thanks,

Florent

-- 
[image: Nuxeo Logo] <https://www.nuxeo.com/>

Florent Guillaume  Head of R&D  [image: LinkedIn]
<https://www.linkedin.com/in/fguillaume/> [image: Twitter]
<https://twitter.com/efge> [image: Github] <https://github.com/efge>

Nuxeo Content Services Platform. Stay ahead.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190827/bc1efbfe/attachment.htm>