grails-spring-security-core
GPSPRINGSECURITYCORE-203: Bad performance in security checks
Original Reporter: rogovskiy
Environment: Not Specified
Version: Grails-Spring-Security-Core 2.0
Migrated From: http://jira.grails.org/browse/GPSPRINGSECURITYCORE-203
Our application has 400 roles. If you look at the performance numbers in the profiler you can see that GrantedAuthorityImpl.getAuthority() is called thousands of times.
The plugin uses a hierarchical role model by default and runs a double loop to generate the effective list of roles, comparing role names in that loop. With 400 roles we are probably looking at 400 x 400 / 2 = 80,000 String.equals calls. Not the end of the world but something.
Now if you look at the bigger picture, this calculation never gets cached. Every security check in the application reruns it:
    public static boolean ifAllGranted(final String roles) {
        Collection<GrantedAuthority> inferred = findInferredAuthorities(getPrincipalAuthorities());
        return inferred.containsAll(parseAuthoritiesString(roles));
    }
Our application has up to 100 security checks in a controller action. If you multiply 80,000 String equals by a factor of 100 it becomes significant: 8,000,000 calls.
The suggestion would be to cache the results of findInferredAuthorities. There is a workaround for us. Since we are not using hierarchical roles we can disable this whole behavior using NullRoleHierarchy.
Attached JProfile call trace.
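A caching wrapper of the kind the report suggests, as an added example that is not code from the plugin or from this thread. `CachingRoleHierarchy`, its `maxEntries` bound and `clear()` are hypothetical names; the sketch assumes Spring Security's `RoleHierarchy` interface is on the classpath and that the wrapper is registered wherever the plugin looks up its role hierarchy, which this page does not show.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.core.GrantedAuthority;

// Added example (hypothetical class, not plugin code): memoizes the delegate's
// role expansion so repeated checks do not redo the double loop each time.
public class CachingRoleHierarchy implements RoleHierarchy {
    private final RoleHierarchy delegate;
    private final int maxEntries;
    // Key = the exact set of granted role names. A principal whose roles change
    // maps to a different key, so a revoked role is never served from the cache.
    private final Map<Set<String>, Collection<GrantedAuthority>> cache =
            new ConcurrentHashMap<Set<String>, Collection<GrantedAuthority>>();

    public CachingRoleHierarchy(RoleHierarchy delegate, int maxEntries) {
        this.delegate = delegate;
        this.maxEntries = maxEntries;
    }

    public Collection<? extends GrantedAuthority> getReachableGrantedAuthorities(
            Collection<? extends GrantedAuthority> authorities) {
        if (authorities == null || authorities.isEmpty()) {
            return delegate.getReachableGrantedAuthorities(authorities);
        }
        Set<String> key = new TreeSet<String>();
        for (GrantedAuthority a : authorities) {
            if (a == null || a.getAuthority() == null) {
                return delegate.getReachableGrantedAuthorities(authorities); // no reliable key
            }
            key.add(a.getAuthority());
        }
        Collection<GrantedAuthority> cached = cache.get(key);
        if (cached != null) {
            return cached;
        }
        cached = Collections.unmodifiableCollection(
                new ArrayList<GrantedAuthority>(delegate.getReachableGrantedAuthorities(authorities)));
        if (cache.size() >= maxEntries) {
            cache.clear(); // crude memory bound; entries are cheap to recompute
        }
        cache.put(key, cached);
        return cached;
    }

    // Call whenever the hierarchy definition is changed or reloaded.
    public void clear() {
        cache.clear();
    }
}
```

Building the key still costs one `getAuthority()` call per granted role on every check, so a cache hit is linear in the number of roles rather than quadratic.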
bond said: Looks like the html file is missing the image.
rogovskiy said: Sorry, I should have only attached the image. See graph.png.
Make sure you zoom in to see.