In my Spring Boot 2.0.5 App I'm using basic-auth to secure REST-API's.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/api/**").authenticated().and()
.httpBasic().and().csrf().disable();
}
@Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
final InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser("user").password("pwd").roles("roles").build()));
return manager;
}
}
One of these API's is used by a Feign client (another Spring Boot App) with Feigns BasicAuthRequestInterceptor.
NewRelic reports for every Webservice request that Spring's BasicAuthenticationFilter.doFilter() uses up to 10 seconds (!).
That is a massive overhead. What is wrong here and what can I do to speed things up?
I was also facing the same issue. My TPS was 40 for 150 simultaneous threads. We analyzed the issue and found that the issue is with the Bcrypt encoding algorithm. Change the strength to a lower value. Like below.
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(4);
}
The default strength of BCryptPasswordEncoder is 10. Reduce it to 4. Also update the passwords in password store.
Also, if you are using HikariCP, please follow this link to fine-tune the maximum pool size.
Currently, My TPS is 300+ for 2 core CUP for 300 simultaneous threads
Hope this helps. Thank you.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With