SEC-2521: Improve StandardPasswordEncoder Performance #2736
Assignees
Labels
in: crypto
An issue in spring-security-crypto
type: enhancement
A general enhancement
type: jira
An issue that was migrated from JIRA
Milestone
Comments
|
Rob Winch said: Thanks for the report. We can improve the performance by creating a new Digest instead of using synchronized. |
|
pascal gehl said: We ended up creating a PooledPasswordEncoder using commons-pool2 with the size of the pool roughly equals to the number of threads in the web container. |
spring-projects-issues
added
in: crypto
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
pascal gehl (Migrated from SEC-2521) said:
My web application uses a StandardPasswordEncoder to match passwords in Basic Authentication.
Under heavy load (700 Http requests per second) org.springframework.security.crypto.password.Digester becomes a major source of contention in
At 700 HTTP requests per seconds this synchronized block has an average contention of 247 milliseconds with maximums of 1.18 seconds.
At 500 HTTP requests per seconds this synchronized block has an average contention of 28 milliseconds with maximums of 291 milliseconds.
I wonder if there is a non synchronized alternative to StandardPasswordEncoder ?
The text was updated successfully, but these errors were encountered: