[CASSANDRA-14497] Add Role login cache - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.0-alpha1, 4.0
Component/s: Feature/Authorization
Labels:
- security

Description

The ClientState.login() function is used for all auth message: AuthResponse.java:82. But the role.canLogin information is not cached. So it hits the database every time: CassandraRoleManager.java:407. For a cluster with lots of new connections, it's causing performance issue. The mitigation for us is to increase the system_auth replication factor to match the number of nodes, so local_one would be very cheap. The P99 dropped immediately, but I don't think it is not a good solution.

I would purpose to add Role.canLogin to the RolesCache to improve the auth performance.

Attachments

Activity

People

Assignee:: Sam Tunnicliffe

Reporter:: Jay Zhuang

Authors:: Sam Tunnicliffe

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 05/Jun/18 04:33

Updated:: 15/May/20 08:01

Resolved:: 01/Sep/18 20:18