Spring Security Performance – Authentication Cache

1. Introduction

Spring Security performance is one of the concerns that sometimes comes into picture, when the request processing time is noticed to be on the higher unacceptable side. There might be situations where you notice that the actual request processing takes around 120ms, while Spring Security authentication/authentication adds up another 500-600ms.

Spring Security considers each request as a fresh one, creating a new session and preparing a new security context every single time. This adds up to the overhead of user authentication/authentication, thus significantly lowering down the performance.

One of the elegant solutions for this could be caching the User Authentication for a specified time limit. In this tutorial, we will be checking out how we can do this.

User Authentication cache approach might not be accepted by the technical architects involved in your project, but this is definitely one of the better alternatives that can be suggested. With this approach, the Spring Security authentication/authentication massively reduces from 600ms to just around 100ms.

2. Authentication Cache implementation

All we need to do is to create a CachingLdapAuthenticationProvider class and extend it with LdapAuthenticationProvider, thus overriding the default authentication implementation as can be seen below.


CachingLdapAuthenticationProvider.java

Let’s also take a look at the Spring Security context file below.

spring-security.xml

3. Download the source code

Receive our updates to your inbox

Get more stuff like this
in your inbox

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.