Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring BasicAuthenticationFilter.doFilter() very slow

In my Spring Boot 2.0.5 App I'm using basic-auth to secure REST-API's.

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
   @Override
   protected void configure(final HttpSecurity http) throws Exception {
       http.authorizeRequests().antMatchers("/api/**").authenticated().and()
       .httpBasic().and().csrf().disable();
   }
   @Bean
   public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
    final InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
    manager.createUser("user").password("pwd").roles("roles").build()));
    return manager;
    }
}

One of these API's is used by a Feign client (another Spring Boot App) with Feigns BasicAuthRequestInterceptor.

NewRelic reports for every Webservice request that Spring's BasicAuthenticationFilter.doFilter() uses up to 10 seconds (!).

That is a massive overhead. What is wrong here and what can I do to speed things up?

like image 785
saimonsez Avatar asked Jul 15 '26 13:07

saimonsez


1 Answers

I was also facing the same issue. My TPS was 40 for 150 simultaneous threads. We analyzed the issue and found that the issue is with the Bcrypt encoding algorithm. Change the strength to a lower value. Like below.

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder(4);
}

The default strength of BCryptPasswordEncoder is 10. Reduce it to 4. Also update the passwords in password store.

Also, if you are using HikariCP, please follow this link to fine-tune the maximum pool size.

Currently, My TPS is 300+ for 2 core CUP for 300 simultaneous threads

Hope this helps. Thank you.

like image 187
Khader M A Avatar answered Jul 17 '26 17:07

Khader M A



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!