Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-35493

severe performance regression after SECURITY-243

      If you have a git changelog with lots of commits by different users and a non-local authentication scheme (basically anything other than the local database) then viewing that page now takes a lot longer as all the users in the commits need to be looked up in the security realm to see if they are valid authentication "users" or if it is just a "full name" that can be resolved from disk.

      There needs to be a way for plugins to say get me a user not for authentication purposes that can if the user has been saved on disk will return that in preference to not hitting the security realm to see if the user does indeed exist.

      setting hudson.model.User.SECURITY_243_FULL_DEFENSE=false helps but there should really be a separate API.

      WIthout this extra API all security realms need to implement multiple caches (a not found cache as well as a regular cache)

          [JENKINS-35493] severe performance regression after SECURITY-243

          James Nord created issue -
          James Nord made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: core [ 15738 ]
          Key Original: SECURITY-311 New: JENKINS-35493
          Workflow Original: Security v1.2 [ 171796 ] New: JNJira [ 171796 ]
          Project Original: Security Issues [ 10180 ] New: Jenkins [ 10172 ]
          Status Original: Untriaged [ 10001 ] New: Open [ 1 ]

          Sam Van Oort added a comment -

          It may be worth considering adding an API for raw author/committer Strings in changesets (similar to getAuthorName() in the GitChangeSet implementation) which does not require full user lookup (useful for cases like this).

          Sam Van Oort added a comment - It may be worth considering adding an API for raw author/committer Strings in changesets (similar to getAuthorName() in the GitChangeSet implementation) which does not require full user lookup (useful for cases like this).
          Jesse Glick made changes -
          Labels Original: regression New: performance regression
          Jesse Glick made changes -
          Link New: This issue is blocking SECURITY-243 [ SECURITY-243 ]
          James Nord made changes -
          Link New: This issue is related to JENKINS-35484 [ JENKINS-35484 ]

          rsandell added a comment -

          For this particular slowness we could perhaps just add a chache to the affected area https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/model/User.java#L1058 so that we can get it in an earlier LTS and then expose an API at a later date.

          rsandell added a comment - For this particular slowness we could perhaps just add a chache to the affected area https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/model/User.java#L1058 so that we can get it in an earlier LTS and then expose an API at a later date.
          rsandell made changes -
          Assignee New: rsandell [ rsandell ]
          rsandell made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          rsandell made changes -
          Remote Link New: This issue links to "PR 2446 (Web Link)" [ 14635 ]

            rsandell rsandell
            teilo James Nord
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: