Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-2802 Stress test of server.
  3. NEXUS-2816

Nexus appears to be searching external security realms for users which are in XML realm, causing peformance problems.

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.4.0
    • Component/s: Security
    • Labels:
      None

      Description

      I ran the same JMeter test as in NEXUS-2803, but this time with the LDAP realm enabled. The LDAP realm is listed below the XML realms, and the anonymous user is in the XML realm (and anonymous access is enabled).

      I'm seeing significant access to the LDAP server.

      Lots of timeouts (as listed below), and far worse performance. I finally stopped the test since it hadn't finished yet in about 20 minutes (without the ldap realm this test runs in about 4 minutes in Nexus 1.4).

      2009-10-05 10:59:23 ERROR [qtp-11511434-11] - o.j.r.l.AbstractLda~          - LDAP naming error while attempting to authenticate user.
      javax.naming.CommunicationException: ldap.sonatype.com:636 [Root exception is java.net.ConnectException: Connection timed out: connect]
      	at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
      	at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
      	at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
      	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
      	at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
      	at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
      	at javax.naming.InitialContext.init(Unknown Source)
      	at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
      	at com.sonatype.security.ldap.realms.PlexusLdapContextFactory.itm(Unknown Source)
      	at com.sonatype.security.ldap.realms.PlexusLdapContextFactory.getSystemLdapContext(Unknown Source)
      	at com.sonatype.security.ldap.realms.ConfigurableLdapAuthenticatingRealm.queryForAuthenticationInfo(Unknown Source)
      	at codeguard.nexusldaprealmplugin.apnpz.queryForAuthenticationInfo(Unknown Source)
      	at org.jsecurity.realm.ldap.AbstractLdapRealm.doGetAuthenticationInfo(AbstractLdapRealm.java:186)
      	at org.jsecurity.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:168)
      	at org.jsecurity.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:226)
      	at org.jsecurity.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:278)
      	at org.jsecurity.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:141)
      	at org.jsecurity.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:171)
      	at org.jsecurity.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:312)
      	at org.jsecurity.subject.DelegatingSubject.login(DelegatingSubject.java:237)
      	at org.sonatype.nexus.security.filter.authc.NexusHttpAuthenticationFilter.executeAnonymousLogin(NexusHttpAuthenticationFilter.java:213)
      	at org.sonatype.nexus.security.filter.authc.NexusHttpAuthenticationFilter.onAccessDenied(NexusHttpAuthenticationFilter.java:144)
      	at org.jsecurity.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:145)
      	at org.jsecurity.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:175)
      	at org.jsecurity.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:129)
      	at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
      	at org.jsecurity.web.servlet.FilterChainWrapper.doFilter(FilterChainWrapper.java:57)
      	at org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
      	at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
      	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1148)
      	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:387)
      	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
      	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
      	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
      	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417)
      	at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
      	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
      	at org.mortbay.jetty.Server.handle(Server.java:326)
      	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534)
      	at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:864)
      	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:539)
      	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
      	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
      	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
      	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:520)
      Caused by: java.net.ConnectException: Connection timed out: connect
      	at java.net.PlainSocketImpl.socketConnect(Native Method)
      	at java.net.PlainSocketImpl.doConnect(Unknown Source)
      	at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
      	at java.net.PlainSocketImpl.connect(Unknown Source)
      	at java.net.SocksSocketImpl.connect(Unknown Source)
      	at java.net.Socket.connect(Unknown Source)
      	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
      	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(Unknown Source)
      	at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Unknown Source)
      	at sun.reflect.GeneratedMethodAccessor39.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      	at java.lang.reflect.Method.invoke(Unknown Source)
      	at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
      	... 50 more
      

        Attachments

        1. conf.zip
          6 kB
        2. nexus.log
          177 kB
        3. nexus-with-ldap-realm.png
          nexus-with-ldap-realm.png
          334 kB
        4. nexus-with-ldap-realm-1.3.6.png
          nexus-with-ldap-realm-1.3.6.png
          74 kB
        5. nexus-with-ldap-realm-1.4.0.png
          nexus-with-ldap-realm-1.4.0.png
          120 kB
        6. nexus-with-ldap-realm-1.4-10-7.png
          nexus-with-ldap-realm-1.4-10-7.png
          75 kB

          Issue Links

            Activity

              People

              • Assignee:
                rseddon Rich Seddon
                Reporter:
                rseddon Rich Seddon
                Last Updated By:
                Rich Seddon
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 7h 25m
                  7h 25m