(JDK-8230297) Slow LoginContext.login() due to repeated ServiceLoader lookups
Seán Coffey
sean.coffey at oracle.com
Wed Aug 28 07:55:24 UTC 2019
Thanks Florent. Now visible at
https://bugs.openjdk.java.net/browse/JDK-8230297
regards,
Sean.
On 27/08/2019 20:04, Florent Guillaume wrote:
> I'm not an Author so I created the ticket on bugreport.java.com
> <http://bugreport.java.com>, it has the internal review ID 9062061
>
> Thanks,
> Florent
>
> On Tue, Aug 27, 2019 at 6:04 PM Seán Coffey <sean.coffey at oracle.com
> <mailto:sean.coffey at oracle.com>> wrote:
>
> Probably best to log a bug to capture this issue.
>
> It reminds me of another issue I've been meaning to wrap up:
> https://bugs.openjdk.java.net/browse/JDK-8223260
>
> Similar scenario in how the ContextFactory is searched for. My
> proposed
> patch is to cache a factory per classloader (for the NamingManager
> issue at least)
>
> regards,
> Sean.
>
> On 27/08/2019 16:16, Florent Guillaume wrote:
>> Hi,
>>
>> When switching from Java 8 to Java 11, we're experiencing an
>> important slowdown when executing LoginContext.login(),
>> especially under concurrency.
>>
>> We tracked this down to JDK-8047789 which changed the way the
>> lookup of LoginModules is done in LoginContext.invoke.
>> Previously, it was a simple Class.forName that is of course
>> extremely optimized. After JDK-8047789, there is first a
>> ServiceLoader-based lookup for the class. This lookup doesn't
>> seem to be cached. In our case, it has to open the 400+ JARs in
>> our classpath (we're not using modules yet) to check the content
>> of META-INF/services/javax.security.auth.spi.LoginModule, and in
>> addition this hits a synchronized block in ZipFile.getEntry which
>> prevents any performance under concurrency.
>>
>> Is there anything we can do to improve LoginContext.login() in
>> this context?
>>
>> For reference, the code path to the synchronized block:
>> at
>> java.util.zip.ZipFile.getEntry(java.base at 11.0.4/ZipFile.java:346
>> <mailto:java.base at 11.0.4/ZipFile.java:346>)
>> - locked <0x000000068b18bdd0> (a java.util.jar.JarFile)
>> at
>> java.util.zip.ZipFile$1.getEntry(java.base at 11.0.4/ZipFile.java:1121
>> <mailto:java.base at 11.0.4/ZipFile.java:1121>)
>> at
>> java.util.jar.JarFile.getEntry0(java.base at 11.0.4/JarFile.java:576
>> <mailto:java.base at 11.0.4/JarFile.java:576>)
>> at
>> java.util.jar.JarFile.getEntry(java.base at 11.0.4/JarFile.java:506
>> <mailto:java.base at 11.0.4/JarFile.java:506>)
>> at
>> java.util.jar.JarFile.getJarEntry(java.base at 11.0.4/JarFile.java:468
>> <mailto:java.base at 11.0.4/JarFile.java:468>)
>> at
>> jdk.internal.loader.URLClassPath$JarLoader.getResource(java.base at 11.0.4/URLClassPath.java:929
>> <mailto:java.base at 11.0.4/URLClassPath.java:929>)
>> at
>> jdk.internal.loader.URLClassPath$JarLoader.findResource(java.base at 11.0.4/URLClassPath.java:912
>> <mailto:java.base at 11.0.4/URLClassPath.java:912>)
>> at
>> jdk.internal.loader.URLClassPath$1.next(java.base at 11.0.4/URLClassPath.java:341
>> <mailto:java.base at 11.0.4/URLClassPath.java:341>)
>> at
>> jdk.internal.loader.URLClassPath$1.hasMoreElements(java.base at 11.0.4/URLClassPath.java:351
>> <mailto:java.base at 11.0.4/URLClassPath.java:351>)
>> at
>> java.net.URLClassLoader$3$1.run(java.base at 11.0.4/URLClassLoader.java:687
>> <mailto:java.base at 11.0.4/URLClassLoader.java:687>)
>> at
>> java.net.URLClassLoader$3$1.run(java.base at 11.0.4/URLClassLoader.java:685
>> <mailto:java.base at 11.0.4/URLClassLoader.java:685>)
>> at
>> java.security.AccessController.doPrivileged(java.base at 11.0.4/Native
>> <mailto:java.base at 11.0.4/Native> Method)
>> at
>> java.net.URLClassLoader$3.next(java.base at 11.0.4/URLClassLoader.java:684
>> <mailto:java.base at 11.0.4/URLClassLoader.java:684>)
>> at
>> java.net.URLClassLoader$3.hasMoreElements(java.base at 11.0.4/URLClassLoader.java:709
>> <mailto:java.base at 11.0.4/URLClassLoader.java:709>)
>> at
>> java.lang.CompoundEnumeration.next(java.base at 11.0.4/ClassLoader.java:3022
>> <mailto:java.base at 11.0.4/ClassLoader.java:3022>)
>> at
>> java.lang.CompoundEnumeration.hasMoreElements(java.base at 11.0.4/ClassLoader.java:3031
>> <mailto:java.base at 11.0.4/ClassLoader.java:3031>)
>> at
>> org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.inc(WebappClassLoaderBase.java:2670)
>> at
>> org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.hasMoreElements(WebappClassLoaderBase.java:2655)
>> at
>> java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(java.base at 11.0.4/ServiceLoader.java:1202
>> <mailto:java.base at 11.0.4/ServiceLoader.java:1202>)
>> at
>> java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(java.base at 11.0.4/ServiceLoader.java:1220
>> <mailto:java.base at 11.0.4/ServiceLoader.java:1220>)
>> at
>> java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(java.base at 11.0.4/ServiceLoader.java:1264
>> <mailto:java.base at 11.0.4/ServiceLoader.java:1264>)
>> at
>> java.util.ServiceLoader$2.hasNext(java.base at 11.0.4/ServiceLoader.java:1299
>> <mailto:java.base at 11.0.4/ServiceLoader.java:1299>)
>> at
>> java.util.ServiceLoader$3.hasNext(java.base at 11.0.4/ServiceLoader.java:1384
>> <mailto:java.base at 11.0.4/ServiceLoader.java:1384>)
>> at
>> javax.security.auth.login.LoginContext.invoke(java.base at 11.0.4/LoginContext.java:691
>> <mailto:java.base at 11.0.4/LoginContext.java:691>)
>> at
>> javax.security.auth.login.LoginContext$4.run(java.base at 11.0.4/LoginContext.java:665
>> <mailto:java.base at 11.0.4/LoginContext.java:665>)
>> at
>> javax.security.auth.login.LoginContext$4.run(java.base at 11.0.4/LoginContext.java:663
>> <mailto:java.base at 11.0.4/LoginContext.java:663>)
>> at
>> java.security.AccessController.doPrivileged(java.base at 11.0.4/Native
>> <mailto:java.base at 11.0.4/Native> Method)
>> at
>> javax.security.auth.login.LoginContext.invokePriv(java.base at 11.0.4/LoginContext.java:663
>> <mailto:java.base at 11.0.4/LoginContext.java:663>)
>> at
>> javax.security.auth.login.LoginContext.login(java.base at 11.0.4/LoginContext.java:574
>> <mailto:java.base at 11.0.4/LoginContext.java:574>)
>>
>> Thanks,
>>
>> Florent
>>
>> --
>> Nuxeo Logo <https://www.nuxeo.com/>
>>
>> Florent Guillaume Head of R&D LinkedIn
>> <https://www.linkedin.com/in/fguillaume/> Twitter
>> <https://twitter.com/efge> Github <https://github.com/efge>
>>
>> Nuxeo Content Services Platform. Stay ahead.
>>
>
>
> --
> Nuxeo Logo <https://www.nuxeo.com/>
>
> Florent Guillaume Head of R&D LinkedIn
> <https://www.linkedin.com/in/fguillaume/> Twitter
> <https://twitter.com/efge> Github <https://github.com/efge>
>
> Nuxeo Content Services Platform. Stay ahead.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190828/77eda76a/attachment.htm>
More information about the security-dev
mailing list