You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by ApacheNinja <dp...@gmail.com> on 2013/06/21 01:53:13 UTC
Performance slows dramatically over time when checking permissions
for authorization
Hello,
I am seeing some strange behavior where checking permissions for
authorization runs quickly for a few days but then the time it takes to
check permissions dramatically slows down. This appears to occur after a
few days of running the application. I took a look at this post but I don't
think it is the same issue:
http://shiro-user.582556.n2.nabble.com/Invalidating-Authentication-Cache-slows-performance-td6329816.html#a6333063
We are configuring Shiro programmatically as follows:
public static void initSecurityManager() {
//Set realms
mSecurityManager = new DefaultSecurityManager();
mSecurityManager.setAuthenticator(new MockAuthenticator());
ArrayList <Realm> realms = new ArrayList<Realm>();
realms.add(new PortalRealm());
realms.add(new PortalBaselineRealm());
mSecurityManager.setRealms(realms);
//Setup caching
EhCacheManager shiroCacheManager = new EhCacheManager();
CacheManager cacheManager = CacheManager.create();
Ehcache cache = cacheManager.getEhcache(SHIRO_CACHE);
shiroCacheManager.setCacheManager(cache.getCacheManager());
mSecurityManager.setCacheManager(shiroCacheManager);
//Set session timeout
((DefaultSessionManager)mSecurityManager.getSessionManager()).setGlobalSessionTimeout(28800000);
SecurityUtils.setSecurityManager(mSecurityManager);
}
Our entry in the ehcache.xml is as follows:
<cache name="shiroCache"
maxElementsInMemory="10000"
eternal="false"
timeToIdleSeconds="3600"
timeToLiveSeconds="3600"
memoryStoreEvictionPolicy="LFU"
>
</cache>
In addition to Shiro's caching, we have another self populating ehcache that
actually holds the permissions when they are retrieved from the database.
However, I don't think this should be an issue. Any help would be
appreciated. Thanks.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Performance-slows-dramatically-over-time-when-checking-permissions-for-authorization-tp7578867.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Performance slows dramatically over time when checking
permissions for authorization
Posted by ApacheNinja <dp...@gmail.com>.
Thank you Les. I will give this a try and report back if I run into any
issues.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Performance-slows-dramatically-over-time-when-checking-permissions-for-authorization-tp7578867p7578874.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Performance slows dramatically over time when checking
permissions for authorization
Posted by Les Hazlewood <lh...@apache.org>.
Sorry, apparently the default cache region name is expected to be
'shiro-activeSessionCache' (not shiro-activeSessionsCache as I wrote
previously). Either use 'shiro-activeSessionCache' in ehcache.xml or
use whatever name you want and call
sessionDAO.setActiveSessionsCacheName(nameInEhcacheXmlFile);
Cheers,
Les
On Sat, Jun 22, 2013 at 3:09 PM, Les Hazlewood <lh...@apache.org> wrote:
> It appears you haven't configured a SessionDAO that will actually use
> your cache.
>
> Based on this:
>
> http://shiro.apache.org/session-management.html#SessionManagement-EHCacheSessionDAO
>
> Your Java code should look something like this:
>
> SessionDAO sessionDAO = new EnterpriseCacheSessionDAO();
> ((DefaultSessionManager)mSecurityManager.getSessionManager()).setSessionDAO(sessionDAO);
>
> EhCacheManager shiroCacheManager = new EhCacheManager();
> mSecurityManager.setCacheManager(shiroCacheManager);
>
> Also ensure your <cache> element in ehcache.xml is named
> 'shiro-activeSessionsCache' as documented, and not 'shiroCache'. Or,
> if you want to use the name 'shiroCache' set
> sessionDAO.setActiveSessionsCacheName("shiroCache");
>
> On a side note, if the Ehcache 'shiroCache' region is being used for
> Sessions, then you will see problems: this region has a TTL of 1 hour
> but your session manager globalSessionTimeout is set to be 8 hours.
> This means that your cache can (and will) expunge sessions that might
> be in use!
>
> If 'shiroCache' represents the active session cache, you will want to
> set timeToLive to be zero and timeToIdle to be something longer than
> your session timeout.
>
> This is all documented here:
> http://shiro.apache.org/session-management.html#SessionManagement-EHCacheSessionDAO
> and here:
> http://shiro.apache.org/session-management.html#SessionManagement-%7B%7BEnterpriseCacheSessionDAO%7D%7D
>
> HTH,
> --
> Les Hazlewood | @lhazlewood
> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
>
>
> On Thu, Jun 20, 2013 at 4:53 PM, ApacheNinja <dp...@gmail.com> wrote:
>> Hello,
>>
>> I am seeing some strange behavior where checking permissions for
>> authorization runs quickly for a few days but then the time it takes to
>> check permissions dramatically slows down. This appears to occur after a
>> few days of running the application. I took a look at this post but I don't
>> think it is the same issue:
>> http://shiro-user.582556.n2.nabble.com/Invalidating-Authentication-Cache-slows-performance-td6329816.html#a6333063
>>
>> We are configuring Shiro programmatically as follows:
>>
>> public static void initSecurityManager() {
>>
>> //Set realms
>> mSecurityManager = new DefaultSecurityManager();
>> mSecurityManager.setAuthenticator(new MockAuthenticator());
>> ArrayList <Realm> realms = new ArrayList<Realm>();
>> realms.add(new PortalRealm());
>> realms.add(new PortalBaselineRealm());
>> mSecurityManager.setRealms(realms);
>>
>> //Setup caching
>> EhCacheManager shiroCacheManager = new EhCacheManager();
>> CacheManager cacheManager = CacheManager.create();
>> Ehcache cache = cacheManager.getEhcache(SHIRO_CACHE);
>> shiroCacheManager.setCacheManager(cache.getCacheManager());
>> mSecurityManager.setCacheManager(shiroCacheManager);
>>
>> //Set session timeout
>>
>> ((DefaultSessionManager)mSecurityManager.getSessionManager()).setGlobalSessionTimeout(28800000);
>> SecurityUtils.setSecurityManager(mSecurityManager);
>> }
>>
>> Our entry in the ehcache.xml is as follows:
>>
>>
>> <cache name="shiroCache"
>> maxElementsInMemory="10000"
>> eternal="false"
>> timeToIdleSeconds="3600"
>> timeToLiveSeconds="3600"
>> memoryStoreEvictionPolicy="LFU"
>> >
>> </cache>
>>
>> In addition to Shiro's caching, we have another self populating ehcache that
>> actually holds the permissions when they are retrieved from the database.
>> However, I don't think this should be an issue. Any help would be
>> appreciated. Thanks.
>>
>>
>>
>>
>> --
>> View this message in context: http://shiro-user.582556.n2.nabble.com/Performance-slows-dramatically-over-time-when-checking-permissions-for-authorization-tp7578867.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
Re: Performance slows dramatically over time when checking
permissions for authorization
Posted by Les Hazlewood <lh...@apache.org>.
It appears you haven't configured a SessionDAO that will actually use
your cache.
Based on this:
http://shiro.apache.org/session-management.html#SessionManagement-EHCacheSessionDAO
Your Java code should look something like this:
SessionDAO sessionDAO = new EnterpriseCacheSessionDAO();
((DefaultSessionManager)mSecurityManager.getSessionManager()).setSessionDAO(sessionDAO);
EhCacheManager shiroCacheManager = new EhCacheManager();
mSecurityManager.setCacheManager(shiroCacheManager);
Also ensure your <cache> element in ehcache.xml is named
'shiro-activeSessionsCache' as documented, and not 'shiroCache'. Or,
if you want to use the name 'shiroCache' set
sessionDAO.setActiveSessionsCacheName("shiroCache");
On a side note, if the Ehcache 'shiroCache' region is being used for
Sessions, then you will see problems: this region has a TTL of 1 hour
but your session manager globalSessionTimeout is set to be 8 hours.
This means that your cache can (and will) expunge sessions that might
be in use!
If 'shiroCache' represents the active session cache, you will want to
set timeToLive to be zero and timeToIdle to be something longer than
your session timeout.
This is all documented here:
http://shiro.apache.org/session-management.html#SessionManagement-EHCacheSessionDAO
and here:
http://shiro.apache.org/session-management.html#SessionManagement-%7B%7BEnterpriseCacheSessionDAO%7D%7D
HTH,
--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
On Thu, Jun 20, 2013 at 4:53 PM, ApacheNinja <dp...@gmail.com> wrote:
> Hello,
>
> I am seeing some strange behavior where checking permissions for
> authorization runs quickly for a few days but then the time it takes to
> check permissions dramatically slows down. This appears to occur after a
> few days of running the application. I took a look at this post but I don't
> think it is the same issue:
> http://shiro-user.582556.n2.nabble.com/Invalidating-Authentication-Cache-slows-performance-td6329816.html#a6333063
>
> We are configuring Shiro programmatically as follows:
>
> public static void initSecurityManager() {
>
> //Set realms
> mSecurityManager = new DefaultSecurityManager();
> mSecurityManager.setAuthenticator(new MockAuthenticator());
> ArrayList <Realm> realms = new ArrayList<Realm>();
> realms.add(new PortalRealm());
> realms.add(new PortalBaselineRealm());
> mSecurityManager.setRealms(realms);
>
> //Setup caching
> EhCacheManager shiroCacheManager = new EhCacheManager();
> CacheManager cacheManager = CacheManager.create();
> Ehcache cache = cacheManager.getEhcache(SHIRO_CACHE);
> shiroCacheManager.setCacheManager(cache.getCacheManager());
> mSecurityManager.setCacheManager(shiroCacheManager);
>
> //Set session timeout
>
> ((DefaultSessionManager)mSecurityManager.getSessionManager()).setGlobalSessionTimeout(28800000);
> SecurityUtils.setSecurityManager(mSecurityManager);
> }
>
> Our entry in the ehcache.xml is as follows:
>
>
> <cache name="shiroCache"
> maxElementsInMemory="10000"
> eternal="false"
> timeToIdleSeconds="3600"
> timeToLiveSeconds="3600"
> memoryStoreEvictionPolicy="LFU"
> >
> </cache>
>
> In addition to Shiro's caching, we have another self populating ehcache that
> actually holds the permissions when they are retrieved from the database.
> However, I don't think this should be an issue. Any help would be
> appreciated. Thanks.
>
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Performance-slows-dramatically-over-time-when-checking-permissions-for-authorization-tp7578867.html
> Sent from the Shiro User mailing list archive at Nabble.com.