Details
-
Bug
-
Status: Resolved (View Workflow)
-
Major
-
Resolution: Fixed
Description
If you have a git changelog with lots of commits by different users and a non-local authentication scheme (basically anything other than the local database) then viewing that page now takes a lot longer as all the users in the commits need to be looked up in the security realm to see if they are valid authentication "users" or if it is just a "full name" that can be resolved from disk.
There needs to be a way for plugins to say get me a user not for authentication purposes that can if the user has been saved on disk will return that in preference to not hitting the security realm to see if the user does indeed exist.
setting hudson.model.User.SECURITY_243_FULL_DEFENSE=false helps but there should really be a separate API.
WIthout this extra API all security realms need to implement multiple caches (a not found cache as well as a regular cache)
Attachments
Issue Links
- is duplicated by
-
JENKINS-39084 PROD: cbwf-controller component is causing Jenkins's CPU to spike
-
- Resolved
-
- is related to
-
JENKINS-38065 "Recent Changes" link takes more than 10 minutes to display the results
-
- Closed
-
-
JENKINS-35484 if jenkins user lookup is expensive, requesting changelogs can place undue burden on the master
-
- Closed
-
- links to
olivergondza It's a rather significant problem for anything interacting with SCM changesets, since the changeset APIs resolve users to Jenkins users – in many cases with slower remote security realms, performance without a cache can be bad enough that it will lock up a Jenkins master almost completely.
On those grounds it would be a very strong candidate for inclusion.
CC teilo and jglick to add to the above, since they've also dealth first-hand with problems from the SECURITY-243 fix without caches.