Slow LoginContext.login() due to repeated ServiceLoader lookups
Florent Guillaume
fguillaume at nuxeo.com
Tue Aug 27 19:04:10 UTC 2019
I'm not an Author so I created the ticket on bugreport.java.com, it has
the internal review ID 9062061
Thanks,
Florent
On Tue, Aug 27, 2019 at 6:04 PM Seán Coffey <sean.coffey at oracle.com> wrote:
> Probably best to log a bug to capture this issue.
>
> It reminds me of another issue I've been meaning to wrap up:
> https://bugs.openjdk.java.net/browse/JDK-8223260
>
> Similar scenario in how the ContextFactory is searched for. My proposed
> patch is to cache a factory per classloader (for the NamingManager issue
> at least)
>
> regards,
> Sean.
> On 27/08/2019 16:16, Florent Guillaume wrote:
>
> Hi,
>
> When switching from Java 8 to Java 11, we're experiencing an important
> slowdown when executing LoginContext.login(), especially under concurrency.
>
> We tracked this down to JDK-8047789 which changed the way the lookup of
> LoginModules is done in LoginContext.invoke. Previously, it was a
> simple Class.forName that is of course extremely optimized.
> After JDK-8047789, there is first a ServiceLoader-based lookup for the
> class. This lookup doesn't seem to be cached. In our case, it has to open
> the 400+ JARs in our classpath (we're not using modules yet) to check the
> content of META-INF/services/javax.security.auth.spi.LoginModule, and in
> addition this hits a synchronized block in ZipFile.getEntry which prevents
> any performance under concurrency.
>
> Is there anything we can do to improve LoginContext.login() in this
> context?
>
> For reference, the code path to the synchronized block:
> at java.util.zip.ZipFile.getEntry(java.base at 11.0.4/ZipFile.java:346)
> - locked <0x000000068b18bdd0> (a java.util.jar.JarFile)
> at java.util.zip.ZipFile$1.getEntry(java.base at 11.0.4/ZipFile.java:1121)
> at java.util.jar.JarFile.getEntry0(java.base at 11.0.4/JarFile.java:576)
> at java.util.jar.JarFile.getEntry(java.base at 11.0.4/JarFile.java:506)
> at java.util.jar.JarFile.getJarEntry(java.base at 11.0.4/JarFile.java:468)
> at jdk.internal.loader.URLClassPath$JarLoader.getResource(
> java.base at 11.0.4/URLClassPath.java:929)
> at jdk.internal.loader.URLClassPath$JarLoader.findResource(
> java.base at 11.0.4/URLClassPath.java:912)
> at jdk.internal.loader.URLClassPath$1.next(
> java.base at 11.0.4/URLClassPath.java:341)
> at jdk.internal.loader.URLClassPath$1.hasMoreElements(
> java.base at 11.0.4/URLClassPath.java:351)
> at java.net.URLClassLoader$3$1.run(
> java.base at 11.0.4/URLClassLoader.java:687)
> at java.net.URLClassLoader$3$1.run(
> java.base at 11.0.4/URLClassLoader.java:685)
> at java.security.AccessController.doPrivileged(java.base at 11.0.4/Native
> Method)
> at java.net.URLClassLoader$3.next(java.base at 11.0.4/URLClassLoader.java:684
> )
> at java.net.URLClassLoader$3.hasMoreElements(
> java.base at 11.0.4/URLClassLoader.java:709)
> at java.lang.CompoundEnumeration.next(
> java.base at 11.0.4/ClassLoader.java:3022)
> at java.lang.CompoundEnumeration.hasMoreElements(
> java.base at 11.0.4/ClassLoader.java:3031)
> at
> org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.inc(WebappClassLoaderBase.java:2670)
> at
> org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.hasMoreElements(WebappClassLoaderBase.java:2655)
> at java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(
> java.base at 11.0.4/ServiceLoader.java:1202)
> at java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(
> java.base at 11.0.4/ServiceLoader.java:1220)
> at java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(
> java.base at 11.0.4/ServiceLoader.java:1264)
> at java.util.ServiceLoader$2.hasNext(
> java.base at 11.0.4/ServiceLoader.java:1299)
> at java.util.ServiceLoader$3.hasNext(
> java.base at 11.0.4/ServiceLoader.java:1384)
> at javax.security.auth.login.LoginContext.invoke(
> java.base at 11.0.4/LoginContext.java:691)
> at javax.security.auth.login.LoginContext$4.run(
> java.base at 11.0.4/LoginContext.java:665)
> at javax.security.auth.login.LoginContext$4.run(
> java.base at 11.0.4/LoginContext.java:663)
> at java.security.AccessController.doPrivileged(java.base at 11.0.4/Native
> Method)
> at javax.security.auth.login.LoginContext.invokePriv(
> java.base at 11.0.4/LoginContext.java:663)
> at javax.security.auth.login.LoginContext.login(
> java.base at 11.0.4/LoginContext.java:574)
>
> Thanks,
>
> Florent
>
> --
> [image: Nuxeo Logo] <https://www.nuxeo.com/>
>
> Florent Guillaume Head of R&D [image: LinkedIn]
> <https://www.linkedin.com/in/fguillaume/> [image: Twitter]
> <https://twitter.com/efge> [image: Github] <https://github.com/efge>
>
> Nuxeo Content Services Platform. Stay ahead.
>
>
--
[image: Nuxeo Logo] <https://www.nuxeo.com/>
Florent Guillaume Head of R&D [image: LinkedIn]
<https://www.linkedin.com/in/fguillaume/> [image: Twitter]
<https://twitter.com/efge> [image: Github] <https://github.com/efge>
Nuxeo Content Services Platform. Stay ahead.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190827/1d787ec3/attachment.htm>
More information about the security-dev
mailing list