Java Has Poor Performance when Using Kerberos krb5 Authentication AuthList Put Method
(Doc ID 2393121.1)
Last updated on MAY 07, 2018
Applies to:Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.
When Java is configured to use Kerberos (krb5) authentication, invoking acceptSecContext() at a high rate results in a significant performance problem in the JVM's clean-up code, done right after adding the authentication timestamp in the LinkedList<AuthTimeWithHash>. The AuthList put method is invoked from (internal) sun.security.krb5.internal.rcache.MemoryCache synchronized void checkAndStore(KerberosTime currTime, AuthTimeWithHash time) method. Cleanup is done by removing the last entry from a LinkedList one by one in a synchronized block causes poor performance.
The following is seen from Java Flight Recorder (JFR) Hot Methods:
This issue occurs only when using Kerberos. If the service does not use Kerberos, the performance is very fast.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document