Essencium Backend is a software library built on top of Spring Boot that allows developers to quickly get started on new software projects. Essencium provides, for example, a fully implemented role-rights concept as well as various field-tested solutions for access management and authentication.
GNU Lesser General Public License v3.0
15
stars
3
forks
source link
Use `jwtAuthenticationProvider` only in `JwtTokenAuthenticationFilter` #502
Is your feature request related to a problem? Please describe.
During some profiling action I investigate a heavy CPU time consumption in the DaoAuthenticationProvider#additionalAuthenticationChecks method of Spring. The problem here is, that the DaoAuthenticationProvider is part of the JwtTokenAuthenticationFilter authentication managers. So even if a JWT is present in the HTTP header, the DaoAuthenticationProvider hashes the given input (the JWT as String) and compares it with the users password.
Describe the solution you'd like
During the JwtTokenAuthenticationFilter only the jwtAuthenticationProvider should be applied. If there is no match, all the other providers can be run.
Is your feature request related to a problem? Please describe. During some profiling action I investigate a heavy CPU time consumption in the
DaoAuthenticationProvider#additionalAuthenticationChecks
method of Spring. The problem here is, that theDaoAuthenticationProvider
is part of theJwtTokenAuthenticationFilter
authentication managers. So even if a JWT is present in the HTTP header, theDaoAuthenticationProvider
hashes the given input (the JWT asString
) and compares it with the users password.Describe the solution you'd like During the
JwtTokenAuthenticationFilter
only thejwtAuthenticationProvider
should be applied. If there is no match, all the other providers can be run.