Frachtwerk / essencium-backend

Essencium Backend is a software library built on top of Spring Boot that allows developers to quickly get started on new software projects. Essencium provides, for example, a fully implemented role-rights concept as well as various field-tested solutions for access management and authentication.
GNU Lesser General Public License v3.0

Use `jwtAuthenticationProvider` only in `JwtTokenAuthenticationFilter` #502

Closed JelmenGuhlke closed 3 months ago

JelmenGuhlke commented 3 months ago

**Is your feature request related to a problem? Please describe.**

During some profiling, I investigated heavy CPU time consumption in the `DaoAuthenticationProvider#additionalAuthenticationChecks` method of Spring. The problem here is that the `DaoAuthenticationProvider` is part of the `JwtTokenAuthenticationFilter` authentication managers. So even if a JWT is present in the HTTP header, the `DaoAuthenticationProvider` hashes the given input (the JWT as a String) and compares it with the user's password.

**Describe the solution you'd like**

During the `JwtTokenAuthenticationFilter`, only the `jwtAuthenticationProvider` should be applied. If there is no match, all the other providers can be run.
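
One way to wire the behaviour requested above, as an added example that is not code from essencium-backend or from the issue author. `JwtFirstAuthenticationManager` is a hypothetical class name, and the example assumes that "no match" means the JWT provider does not support the token type or abstains, so a JWT that fails validation is rejected without ever reaching a password-hashing provider.

```java
import java.util.List;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.ProviderNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/**
 * Hypothetical AuthenticationManager for a JWT filter (added example).
 * The JWT provider is consulted alone; the remaining providers, such as a
 * DaoAuthenticationProvider, run only when the JWT provider does not match.
 */
public final class JwtFirstAuthenticationManager implements AuthenticationManager {

    private final AuthenticationManager jwtOnly;
    private final AuthenticationManager fallback;

    /**
     * @param jwtAuthenticationProvider the provider that validates JWTs
     * @param otherProviders all remaining providers; must not be empty,
     *        because ProviderManager rejects an empty list without a parent
     */
    public JwtFirstAuthenticationManager(AuthenticationProvider jwtAuthenticationProvider,
                                         List<AuthenticationProvider> otherProviders) {
        this.jwtOnly = new ProviderManager(jwtAuthenticationProvider);
        this.fallback = new ProviderManager(otherProviders);
    }

    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        // Assumption: "no match" == ProviderNotFoundException, which
        // ProviderManager throws when its provider does not support the token
        // class or returns null. Any other AuthenticationException (for
        // example an invalid or expired JWT) propagates unchanged, so the
        // token string is never fed to a password encoder.
        try {
            return jwtOnly.authenticate(authentication);
        } catch (ProviderNotFoundException noMatch) {
            return fallback.authenticate(authentication);
        }
    }
}
```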