Lazily initialize userNotFoundEncodedPassword #4927

Closed

philwebb
Member

Update `DaoAuthenticationProvider` so that `userNotFoundEncodedPassword`
is lazily initialized on the first call to `retrieveUser`, rather than
in `doAfterPropertiesSet`.

Since some `PasswordEncoder` implementations can be slow, this change
can help to improve application startup times at the expense of some
delay with the first login.

Note that `userNotFoundEncodedPassword` creation occurs on the first
user retrieval, regardless of whether the user is ultimately found. This
ensures consistent processing times, regardless of the outcome.

First Call:
	Found      = encode(userNotFound) + decode(supplied)
	Not-Found  = encode(userNotFound) + decode(userNotFound)

Subsequent Call:
	Found      = decode(supplied)
	Not-Found  = decode(userNotFound)

Fixes gh-4915

@rwinch rwinch self-assigned this Jan 24, 2018
@rwinch rwinch added the status: duplicate and in: core labels Jan 24, 2018
@rwinch rwinch added this to the 5.0.1 milestone Jan 24, 2018
Member

rwinch commented Jan 24, 2018

Thanks for the PR @philwebb! I merged this into master with a bit of polish
6ba225b

@rwinch rwinch closed this Jan 24, 2018
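
The timing behaviour set out in the PR description, as an added example that is not Spring Security source and not code from this PR. It assumes PBKDF2 as a stand-in for a slow `PasswordEncoder`, checks the supplied password against the dummy hash on the not-found path, and uses a hypothetical class name, user map, iteration count and sample account:

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
// Added illustration, not Spring Security source. PBKDF2 stands in for a slow PasswordEncoder.
public class LazyDummyHashDemo {
    static final Map<String, String> users = new HashMap<>();   // hypothetical user store
    static volatile String userNotFoundEncodedPassword;         // null until the first login attempt

    static byte[] pbkdf2(String raw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(raw.toCharArray(), salt, 200_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    static String encode(String raw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + ":" + b64.encodeToString(pbkdf2(raw, salt));
    }
    static boolean matches(String raw, String encoded) throws Exception {
        String[] parts = encoded.split(":");
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        return MessageDigest.isEqual(pbkdf2(raw, salt), Base64.getDecoder().decode(parts[1]));
    }
    static boolean authenticate(String username, String presented) throws Exception {
        // Build the dummy hash before the lookup so the first call costs the same on both paths.
        // A race here only means two threads each encode once; either result is usable.
        if (userNotFoundEncodedPassword == null) {
            userNotFoundEncodedPassword = encode("userNotFoundPassword");
        }
        String stored = users.get(username);
        if (stored == null) {
            matches(presented, userNotFoundEncodedPassword);   // same work as a real check, result discarded
            return false;
        }
        return matches(presented, stored);
    }

    public static void main(String[] args) throws Exception {
        users.put("alice", encode("correct horse"));           // constructed sample account
        String[][] attempts = {{"alice", "x"}, {"nobody", "x"}, {"alice", "x"}, {"nobody", "x"}};
        for (String[] a : attempts) {
            long start = System.nanoTime();
            boolean ok = authenticate(a[0], a[1]);
            System.out.printf("%-6s ok=%b %d ms%n", a[0], ok, (System.nanoTime() - start) / 1_000_000);
        }
    }
}
```

Only the first attempt pays for the extra encode; after that, the found and not-found paths each perform exactly one key derivation, so response time does not reveal whether the username exists.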
Successfully merging this pull request may close these issues.

BCrypt encode calls increase startup times