(JDK-8230297) Slow LoginContext.login() due to repeated ServiceLoader lookups

Seán Coffey sean.coffey at oracle.com
Wed Aug 28 07:55:24 UTC 2019 

Thanks Florent. Now visible at 
https://bugs.openjdk.java.net/browse/JDK-8230297

regards,
Sean.

On 27/08/2019 20:04, Florent Guillaume wrote:
> I'm not an Author so I created the ticket on bugreport.java.com 
> <http://bugreport.java.com>, it has the internal review ID 9062061
>
> Thanks,
> Florent
>
> On Tue, Aug 27, 2019 at 6:04 PM Seán Coffey <sean.coffey at oracle.com 
> <mailto:sean.coffey at oracle.com>> wrote:
>
>     Probably best to log a bug to capture this issue.
>
>     It reminds me of another issue I've been meaning to wrap up:
>     https://bugs.openjdk.java.net/browse/JDK-8223260
>
>     Similar scenario in how the ContextFactory is searched for. My
>     proposed
>     patch is to cache a factory per classloader (for the NamingManager
>     issue at least)
>
>     regards,
>     Sean.
>
>     On 27/08/2019 16:16, Florent Guillaume wrote:
>>     Hi,
>>
>>     When switching from Java 8 to Java 11, we're experiencing an
>>     important slowdown when executing LoginContext.login(),
>>     especially under concurrency.
>>
>>     We tracked this down to JDK-8047789 which changed the way the
>>     lookup of LoginModules is done in LoginContext.invoke.
>>     Previously, it was a simple Class.forName that is of course
>>     extremely optimized. After JDK-8047789, there is first a
>>     ServiceLoader-based lookup for the class. This lookup doesn't
>>     seem to be cached. In our case, it has to open the 400+ JARs in
>>     our classpath (we're not using modules yet) to check the content
>>     of META-INF/services/javax.security.auth.spi.LoginModule, and in
>>     addition this hits a synchronized block in ZipFile.getEntry which
>>     prevents any performance under concurrency.
>>
>>     Is there anything we can do to improve LoginContext.login() in
>>     this context?
>>
>>     For reference, the code path to the synchronized block:
>>     at
>>     java.util.zip.ZipFile.getEntry(java.base at 11.0.4/ZipFile.java:346
>>     <mailto:java.base at 11.0.4/ZipFile.java:346>)
>>     - locked <0x000000068b18bdd0> (a java.util.jar.JarFile)
>>     at
>>     java.util.zip.ZipFile$1.getEntry(java.base at 11.0.4/ZipFile.java:1121
>>     <mailto:java.base at 11.0.4/ZipFile.java:1121>)
>>     at
>>     java.util.jar.JarFile.getEntry0(java.base at 11.0.4/JarFile.java:576
>>     <mailto:java.base at 11.0.4/JarFile.java:576>)
>>     at
>>     java.util.jar.JarFile.getEntry(java.base at 11.0.4/JarFile.java:506
>>     <mailto:java.base at 11.0.4/JarFile.java:506>)
>>     at
>>     java.util.jar.JarFile.getJarEntry(java.base at 11.0.4/JarFile.java:468
>>     <mailto:java.base at 11.0.4/JarFile.java:468>)
>>     at
>>     jdk.internal.loader.URLClassPath$JarLoader.getResource(java.base at 11.0.4/URLClassPath.java:929
>>     <mailto:java.base at 11.0.4/URLClassPath.java:929>)
>>     at
>>     jdk.internal.loader.URLClassPath$JarLoader.findResource(java.base at 11.0.4/URLClassPath.java:912
>>     <mailto:java.base at 11.0.4/URLClassPath.java:912>)
>>     at
>>     jdk.internal.loader.URLClassPath$1.next(java.base at 11.0.4/URLClassPath.java:341
>>     <mailto:java.base at 11.0.4/URLClassPath.java:341>)
>>     at
>>     jdk.internal.loader.URLClassPath$1.hasMoreElements(java.base at 11.0.4/URLClassPath.java:351
>>     <mailto:java.base at 11.0.4/URLClassPath.java:351>)
>>     at
>>     java.net.URLClassLoader$3$1.run(java.base at 11.0.4/URLClassLoader.java:687
>>     <mailto:java.base at 11.0.4/URLClassLoader.java:687>)
>>     at
>>     java.net.URLClassLoader$3$1.run(java.base at 11.0.4/URLClassLoader.java:685
>>     <mailto:java.base at 11.0.4/URLClassLoader.java:685>)
>>     at
>>     java.security.AccessController.doPrivileged(java.base at 11.0.4/Native
>>     <mailto:java.base at 11.0.4/Native> Method)
>>     at
>>     java.net.URLClassLoader$3.next(java.base at 11.0.4/URLClassLoader.java:684
>>     <mailto:java.base at 11.0.4/URLClassLoader.java:684>)
>>     at
>>     java.net.URLClassLoader$3.hasMoreElements(java.base at 11.0.4/URLClassLoader.java:709
>>     <mailto:java.base at 11.0.4/URLClassLoader.java:709>)
>>     at
>>     java.lang.CompoundEnumeration.next(java.base at 11.0.4/ClassLoader.java:3022
>>     <mailto:java.base at 11.0.4/ClassLoader.java:3022>)
>>     at
>>     java.lang.CompoundEnumeration.hasMoreElements(java.base at 11.0.4/ClassLoader.java:3031
>>     <mailto:java.base at 11.0.4/ClassLoader.java:3031>)
>>     at
>>     org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.inc(WebappClassLoaderBase.java:2670)
>>     at
>>     org.apache.catalina.loader.WebappClassLoaderBase$CombinedEnumeration.hasMoreElements(WebappClassLoaderBase.java:2655)
>>     at
>>     java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(java.base at 11.0.4/ServiceLoader.java:1202
>>     <mailto:java.base at 11.0.4/ServiceLoader.java:1202>)
>>     at
>>     java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(java.base at 11.0.4/ServiceLoader.java:1220
>>     <mailto:java.base at 11.0.4/ServiceLoader.java:1220>)
>>     at
>>     java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(java.base at 11.0.4/ServiceLoader.java:1264
>>     <mailto:java.base at 11.0.4/ServiceLoader.java:1264>)
>>     at
>>     java.util.ServiceLoader$2.hasNext(java.base at 11.0.4/ServiceLoader.java:1299
>>     <mailto:java.base at 11.0.4/ServiceLoader.java:1299>)
>>     at
>>     java.util.ServiceLoader$3.hasNext(java.base at 11.0.4/ServiceLoader.java:1384
>>     <mailto:java.base at 11.0.4/ServiceLoader.java:1384>)
>>     at
>>     javax.security.auth.login.LoginContext.invoke(java.base at 11.0.4/LoginContext.java:691
>>     <mailto:java.base at 11.0.4/LoginContext.java:691>)
>>     at
>>     javax.security.auth.login.LoginContext$4.run(java.base at 11.0.4/LoginContext.java:665
>>     <mailto:java.base at 11.0.4/LoginContext.java:665>)
>>     at
>>     javax.security.auth.login.LoginContext$4.run(java.base at 11.0.4/LoginContext.java:663
>>     <mailto:java.base at 11.0.4/LoginContext.java:663>)
>>     at
>>     java.security.AccessController.doPrivileged(java.base at 11.0.4/Native
>>     <mailto:java.base at 11.0.4/Native> Method)
>>     at
>>     javax.security.auth.login.LoginContext.invokePriv(java.base at 11.0.4/LoginContext.java:663
>>     <mailto:java.base at 11.0.4/LoginContext.java:663>)
>>     at
>>     javax.security.auth.login.LoginContext.login(java.base at 11.0.4/LoginContext.java:574
>>     <mailto:java.base at 11.0.4/LoginContext.java:574>)
>>
>>     Thanks,
>>
>>     Florent
>>
>>     -- 
>>     Nuxeo Logo <https://www.nuxeo.com/> 	
>>
>>     Florent Guillaume  Head of R&D LinkedIn
>>     <https://www.linkedin.com/in/fguillaume/> Twitter
>>     <https://twitter.com/efge> Github <https://github.com/efge>
>>
>>     Nuxeo Content Services Platform. Stay ahead.
>>
>
>
> -- 
> Nuxeo Logo <https://www.nuxeo.com/> 	
>
> Florent Guillaume Head of R&D LinkedIn 
> <https://www.linkedin.com/in/fguillaume/> Twitter 
> <https://twitter.com/efge> Github <https://github.com/efge>
>
> Nuxeo Content Services Platform. Stay ahead.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190828/77eda76a/attachment.htm>

More information about the security-dev mailing list