Stormpath filter gets hit for static assets (e.g. JavaScript files), causing performance issues #1031

Closed
mraible opened this Issue Oct 11, 2016 · 2 comments

Comments

Projects
None yet
5 participants
@mraible
Contributor

mraible commented Oct 11, 2016

I found this issue while integrating Stormpath into a JHipster application. To reproduce, you can run https://github.com/mraible/jhipster-stormpath-example. I've also created mraible/jhipster-stormpath-example#10 to track this as part of that project.

Without Stormpath enabled (in SecurityConfiguration.java), most JS files take under 100ms to load. The app finishes loading in 1.55s. When Stormpath is enabled, some JS files take over 2 seconds to load. The app finishes loading in 4.3s, and the server logs are filled with:

2016-10-07 14:20:55.961 DEBUG 71718 --- [nio-8080-exec-6]
 enticationSpringSecurityProcessingFilter : No token in request, will continue chain.

Adding <logger name="com.stormpath.spring" level="WARN"/> to quiet the logs does not improve load times.

Level of concern: high. This a bad developer experience because you have to wait for the files to load if you have caching turned off in Chrome Developer Tools.

@jarias jarias added the in progress label Oct 11, 2016

@jarias jarias self-assigned this Oct 11, 2016

@jarias jarias added this to the 1.1.1 milestone Oct 11, 2016

@lhazlewood

This comment has been minimized.

Show comment
Hide comment
@lhazlewood

lhazlewood Oct 11, 2016

Member

Any ideas on why this is happening? And a recommended solution?

Member

lhazlewood commented Oct 11, 2016

Any ideas on why this is happening? And a recommended solution?

@mraible

This comment has been minimized.

Show comment
Hide comment
@mraible

mraible Oct 11, 2016

Contributor

I believe it's happening because we filter all requests. Spring Boot will, by default, permit access to /css/**, /js/**, /images/**, and /**/favicon.ico. We should do something similar.

http://stackoverflow.com/questions/24916894/serving-static-web-resources-in-spring-boot-spring-security-application

Contributor

mraible commented Oct 11, 2016

I believe it's happening because we filter all requests. Spring Boot will, by default, permit access to /css/**, /js/**, /images/**, and /**/favicon.ico. We should do something similar.

http://stackoverflow.com/questions/24916894/serving-static-web-resources-in-spring-boot-spring-security-application

@dogeared dogeared modified the milestones: 1.1.2, 1.1.1 Oct 12, 2016

@adamstormpath adamstormpath added ready and removed in progress labels Oct 12, 2016

@dogeared dogeared added in progress and removed ready labels Oct 24, 2016

mraible added a commit that referenced this issue Oct 24, 2016

@dogeared dogeared modified the milestones: 1.1.3, 1.1.2 Oct 24, 2016

@mraible mraible added needs review and removed in progress labels Oct 24, 2016

@dogeared dogeared removed this from the 1.1.3 milestone Nov 1, 2016

@dogeared dogeared closed this Nov 2, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment