[JENKINS-16703] Too many periodic requests to Crowd server

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: crowd2-plugin
Labels:
None
Environment:
Jenkins 1.480.2
Crowd2 plugin 1.5
Crowd 2.5.3

Similar Issues:
Powered by SuggestiMate

Show
Released As:
https://github.com/jenkinsci/crowd2-plugin/releases/tag/crowd2-2.0.0

The logfile of Crowd contain lots of periodic requests coming from Jenkins. They occur every 5 seconds and are always the same. The following snippet from the log file shows the requests while one user (foo) is logged into Jenkins.

127.0.0.1 - - [08/Feb/2013:14:09:41 +0100] "POST /rest/usermanagement/1/session/fZ2pVLxOteqInIc0VYr0tQ00 HTTP/1.1" 200 346
127.0.0.1 - - [08/Feb/2013:14:09:41 +0100] "POST /rest/usermanagement/1/session/fZ2pVLxOteqInIc0VYr0tQ00 HTTP/1.1" 200 346
127.0.0.1 - - [08/Feb/2013:14:09:41 +0100] "GET /rest/usermanagement/1/session/fZ2pVLxOteqInIc0VYr0tQ00?expand=user HTTP/1.1" 200 752
127.0.0.1 - - [08/Feb/2013:14:09:41 +0100] "GET /rest/usermanagement/1/session/fZ2pVLxOteqInIc0VYr0tQ00?expand=user HTTP/1.1" 200 752
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/group?groupname=jenkins-users HTTP/1.1" 200 381
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/group?groupname=jenkins-users HTTP/1.1" 200 381
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/group/user/direct?groupname=jenkins-users&username=foo HTTP/1.1" 404 129
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/group/user/direct?groupname=jenkins-users&username=foo HTTP/1.1" 404 129
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/group/user/nested?groupname=jenkins-users&username=foo HTTP/1.1" 200 173
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/group/user/nested?groupname=jenkins-users&username=foo HTTP/1.1" 200 173
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/user/group/direct?username=foo&start-index=0&max-results=500&expand=group HTTP/1.1" 200 987
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/user/group/direct?username=foo&start-index=0&max-results=500&expand=group HTTP/1.1" 200 987
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/user/group/direct?username=foo&start-index=500&max-results=500&expand=group HTTP/1.1" 200 79
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/user/group/direct?username=foo&start-index=500&max-results=500&expand=group HTTP/1.1" 200 79
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/user/group/nested?username=foo&start-index=0&max-results=500&expand=group HTTP/1.1" 200 4374
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/user/group/nested?username=foo&start-index=0&max-results=500&expand=group HTTP/1.1" 200 4374
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/user/group/nested?username=foo&start-index=500&max-results=500&expand=group HTTP/1.1" 200 79
127.0.0.1 - - [08/Feb/2013:14:09:42 +0100] "GET /rest/usermanagement/1/user/group/nested?username=foo&start-index=500&max-results=500&expand=group HTTP/1.1" 200 79

127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "POST /rest/usermanagement/1/session/fZ2pVLxOteqInIc0VYr0tQ00 HTTP/1.1" 200 346
127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "POST /rest/usermanagement/1/session/fZ2pVLxOteqInIc0VYr0tQ00 HTTP/1.1" 200 346
127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "GET /rest/usermanagement/1/session/fZ2pVLxOteqInIc0VYr0tQ00?expand=user HTTP/1.1" 200 752
127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "GET /rest/usermanagement/1/session/fZ2pVLxOteqInIc0VYr0tQ00?expand=user HTTP/1.1" 200 752
127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "GET /rest/usermanagement/1/group?groupname=jenkins-users HTTP/1.1" 200 381
127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "GET /rest/usermanagement/1/group?groupname=jenkins-users HTTP/1.1" 200 381
127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "GET /rest/usermanagement/1/group/user/direct?groupname=jenkins-users&username=foo HTTP/1.1" 404 129
127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "GET /rest/usermanagement/1/group/user/direct?groupname=jenkins-users&username=foo HTTP/1.1" 404 129
127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "GET /rest/usermanagement/1/group/user/nested?groupname=jenkins-users&username=foo HTTP/1.1" 200 173
127.0.0.1 - - [08/Feb/2013:14:09:47 +0100] "GET /rest/usermanagement/1/group/user/nested?groupname=jenkins-users&username=foo HTTP/1.1" 200 173
127.0.0.1 - - [08/Feb/2013:14:09:48 +0100] "GET /rest/usermanagement/1/user/group/direct?username=foo&start-index=0&max-results=500&expand=group HTTP/1.1" 200 987
127.0.0.1 - - [08/Feb/2013:14:09:48 +0100] "GET /rest/usermanagement/1/user/group/direct?username=foo&start-index=0&max-results=500&expand=group HTTP/1.1" 200 987
127.0.0.1 - - [08/Feb/2013:14:09:48 +0100] "GET /rest/usermanagement/1/user/group/direct?username=foo&start-index=500&max-results=500&expand=group HTTP/1.1" 200 79
127.0.0.1 - - [08/Feb/2013:14:09:48 +0100] "GET /rest/usermanagement/1/user/group/direct?username=foo&start-index=500&max-results=500&expand=group HTTP/1.1" 200 79
127.0.0.1 - - [08/Feb/2013:14:09:48 +0100] "GET /rest/usermanagement/1/user/group/nested?username=foo&start-index=0&max-results=500&expand=group HTTP/1.1" 200 4374
127.0.0.1 - - [08/Feb/2013:14:09:48 +0100] "GET /rest/usermanagement/1/user/group/nested?username=foo&start-index=0&max-results=500&expand=group HTTP/1.1" 200 4374
127.0.0.1 - - [08/Feb/2013:14:09:48 +0100] "GET /rest/usermanagement/1/user/group/nested?username=foo&start-index=500&max-results=500&expand=group HTTP/1.1" 200 79
127.0.0.1 - - [08/Feb/2013:14:09:48 +0100] "GET /rest/usermanagement/1/user/group/nested?username=foo&start-index=500&max-results=500&expand=group HTTP/1.1" 200 79

The "Session validation interval" in the Crowd2 configuration is set to 10 (minutes?). Well, the configuration form always reverts back to 2 which seems to be a bug. However, the config.xml contains the correct value of 10.

Anyway, for some reason this value seems to be ignored completely.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

crowd2.hpi
2.99 MB
2017-12-11 09:43
crowd2.hpi
1.59 MB
2015-04-03 18:03
jenkins.log
86 kB
2013-06-14 12:57

depends on

JENKINS-17957 Crowd plugin - "remember me" doesn't work

Closed

duplicates

JENKINS-18791 session.validationinterval is not saved

Closed

Gerhard Schlager created issue - 2013-02-08 13:28

René Zanner added a comment - 2013-06-14 12:36

Somehow this is related to my newly opened issue ~~JENKINS-18253~~ which I will close as a duplicate now.

Anyway - this is a serious issue. We needed to switch the crowd2 plugin off since our Crowd server was not able to handle all the requests coming from Jenkins. Using tcpdump we measured up to 4000 requests per minute!!!

René Zanner added a comment - 2013-06-14 12:36 Somehow this is related to my newly opened issue JENKINS-18253 which I will close as a duplicate now. Anyway - this is a serious issue. We needed to switch the crowd2 plugin off since our Crowd server was not able to handle all the requests coming from Jenkins. Using tcpdump we measured up to 4000 requests per minute!!!

René Zanner added a comment - 2013-06-14 12:57

I attached the log file of a single login after a Jenkins restart. However, it is still incomplete and contains the last 760 or so lines!

(I used the "System Log" facility in "Manage Jenkins" to turn on "ALL" logging for "de.theit.jenkins.crowd" and "com.atlassian.crowd.integration" loggers.)

The requests from Jenkins to the Crowd server just won't stop - the plugin implementation seems to login on every HTTP request to Jenkins!
Since Jenkins is AJAX featured and authentication is realized by the CrowdServletFilter, it really should be performant and avoid any superfluous requests to the Crowd server...

René Zanner added a comment - 2013-06-14 12:57 I attached the log file of a single login after a Jenkins restart. However, it is still incomplete and contains the last 760 or so lines! (I used the "System Log" facility in "Manage Jenkins" to turn on "ALL" logging for "de.theit.jenkins.crowd" and "com.atlassian.crowd.integration" loggers.) The requests from Jenkins to the Crowd server just won't stop - the plugin implementation seems to login on every HTTP request to Jenkins! Since Jenkins is AJAX featured and authentication is realized by the CrowdServletFilter, it really should be performant and avoid any superfluous requests to the Crowd server...

René Zanner made changes - 2013-06-14 12:57

Attachment

New: jenkins.log [ 23758 ]

René Zanner added a comment - 2013-06-14 13:30

It seems that the CrowdServletFilter sometimes recreates the Authentication using autoLogin(), although it should already be available in the Spring SecurityContext. Shouldn't the SecurityContext be stored in the HttpSession? Otherwise every AJAX request of Jenkins may end up creating a new Spring SecurityContext, since its default strategy is "ThreadLocal"...

René Zanner added a comment - 2013-06-14 13:30 It seems that the CrowdServletFilter sometimes recreates the Authentication using autoLogin(), although it should already be available in the Spring SecurityContext. Shouldn't the SecurityContext be stored in the HttpSession? Otherwise every AJAX request of Jenkins may end up creating a new Spring SecurityContext, since its default strategy is "ThreadLocal"...

Marc Günther added a comment - 2014-03-25 19:48

This renders the crowd2-plugin completely unusable. We had page load times of around 20sec, compared to ~1sec with the old crowd-plugin. We switched back to that one now.

Marc Günther added a comment - 2014-03-25 19:48 This renders the crowd2-plugin completely unusable. We had page load times of around 20sec, compared to ~1sec with the old crowd-plugin. We switched back to that one now.

Kanstantsin Shautsou made changes - 2014-04-16 21:31

Link

New: This issue duplicates ~~JENKINS-18791~~ [ ~~JENKINS-18791~~ ]

SCM/JIRA link daemon added a comment - 2014-04-17 14:14

Code changed in jenkins
User: Kanstantsin Shautsou
Path:
src/main/java/de/theit/jenkins/crowd/CrowdConfigurationService.java
src/main/java/de/theit/jenkins/crowd/CrowdRememberMeServices.java
src/main/java/de/theit/jenkins/crowd/CrowdSecurityRealm.java
src/main/java/de/theit/jenkins/crowd/CrowdServletFilter.java
src/main/java/de/theit/jenkins/crowd/ErrorMessages.java
src/main/resources/crowd.properties
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/config.jelly
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-applicationName.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-cookieDomain.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-cookieTokenkey.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpMaxConnections.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyHost.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyPassword.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyPort.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyUsername.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpTimeout.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-password.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-sessionValidationInterval.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-url.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-useProxy.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-useSSO.html
src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help.html
src/main/resources/de/theit/jenkins/crowd/help-socketTimeout.html
http://jenkins-ci.org/commit/crowd2-plugin/7039baf8288687ee20590011dbd03b85020d2009
Log:
[FIXED JENKINS-21852] Added http proxy configuration.
[FIXED JENKINS-18791] Session validation interval saved from ui.
[FIXED JENKINS-13279] Don't use ssoTokenHelper, work with Embedded Crowd in Jira.
~~JENKINS-16703~~ More options for connection configuration.

Compare: https://github.com/jenkinsci/crowd2-plugin/compare/43588915417a...7039baf82886

SCM/JIRA link daemon added a comment - 2014-04-17 14:14 Code changed in jenkins User: Kanstantsin Shautsou Path: src/main/java/de/theit/jenkins/crowd/CrowdConfigurationService.java src/main/java/de/theit/jenkins/crowd/CrowdRememberMeServices.java src/main/java/de/theit/jenkins/crowd/CrowdSecurityRealm.java src/main/java/de/theit/jenkins/crowd/CrowdServletFilter.java src/main/java/de/theit/jenkins/crowd/ErrorMessages.java src/main/resources/crowd.properties src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/config.jelly src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-applicationName.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-cookieDomain.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-cookieTokenkey.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpMaxConnections.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyHost.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyPassword.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyPort.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpProxyUsername.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-httpTimeout.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-password.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-sessionValidationInterval.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-url.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-useProxy.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help-useSSO.html src/main/resources/de/theit/jenkins/crowd/CrowdSecurityRealm/help.html src/main/resources/de/theit/jenkins/crowd/help-socketTimeout.html http://jenkins-ci.org/commit/crowd2-plugin/7039baf8288687ee20590011dbd03b85020d2009 Log: [FIXED JENKINS-21852] Added http proxy configuration. [FIXED JENKINS-18791] Session validation interval saved from ui. [FIXED JENKINS-13279] Don't use ssoTokenHelper, work with Embedded Crowd in Jira. JENKINS-16703 More options for connection configuration. Compare: https://github.com/jenkinsci/crowd2-plugin/compare/43588915417a...7039baf82886

Kanstantsin Shautsou added a comment - 2014-08-01 16:25

Is it still reproducible with 1.8 version?

Kanstantsin Shautsou added a comment - 2014-08-01 16:25 Is it still reproducible with 1.8 version?

Kanstantsin Shautsou made changes - 2014-08-18 16:59

Assignee

Original: Thorsten Heit [ t_heit ]

New: Kanstantsin Shautsou [ integer ]

Assignee:: Martin Spielmann

Reporter:: Gerhard Schlager

Votes:: 13 Vote for this issue

Watchers:: 25 Start watching this issue

Created:: 2013-02-08 13:28

Updated:: 2018-12-03 14:39

Resolved:: 2018-07-30 19:20

Jenkins

Details

Description

Attachments

Attachments

Issue Links

Activity

Collapse comment: René Zanner added a comment - 2013-06-14 12:36

Expand comment: René Zanner added a comment - 2013-06-14 12:36

Collapse comment: René Zanner added a comment - 2013-06-14 12:57

Expand comment: René Zanner added a comment - 2013-06-14 12:57

Collapse comment: René Zanner added a comment - 2013-06-14 13:30

Expand comment: René Zanner added a comment - 2013-06-14 13:30

Collapse comment: Marc Günther added a comment - 2014-03-25 19:48

Expand comment: Marc Günther added a comment - 2014-03-25 19:48

Collapse comment: SCM/JIRA link daemon added a comment - 2014-04-17 14:14

Expand comment: SCM/JIRA link daemon added a comment - 2014-04-17 14:14

Collapse comment: Kanstantsin Shautsou added a comment - 2014-08-01 16:25

Expand comment: Kanstantsin Shautsou added a comment - 2014-08-01 16:25

People

Dates