[
https://issues.apache.org/jira/browse/TINKERPOP-1189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15543624#comment-15543624
]
Robert Dale commented on TINKERPOP-1189:
----------------------------------------
So even though BCrypt.checkpw() isolated in clock() appears to account for only
half of the time spent in 'auth', I have isolated it to just this.
By default BCrypt uses 10 rounds (hash complexity - 2^10). I created a new
user with only *4* rounds (valid values are 4 to 30).
{noformat}
graph = GraphFactory.open('conf/tinkergraph-credentials.properties')
graph.addVertex(T.label,
CredentialGraphTokens.VERTEX_LABEL_USER,CredentialGraphTokens.PROPERTY_USERNAME,
'jim',CredentialGraphTokens.PROPERTY_PASSWORD, BCrypt.hashpw('bob',
BCrypt.gensalt(4)));
{noformat}
Rerunning the server 'auth' test resulted in only 12 seconds (Vs. 10s with no
auth).
Workaround: add users with lower number of rounds or use a different
authenticator
Nice to have: option to configure bcrypt through properties or DSL
> SimpleAuthenticator over HttpChannelizer makes Gremlin Server pretty slow and
> consumes more CPU
> -----------------------------------------------------------------------------------------------
>
> Key: TINKERPOP-1189
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1189
> Project: TinkerPop
> Issue Type: Improvement
> Components: server
> Affects Versions: 3.0.2-incubating
> Environment: Gremlin Server 3.0.2 backended by Titan 1.0.0 and
> Cassandra (separate instance), running in a server with 2 CPUs / 7.5 GB RAM
> (Linux Debian 3.16.7)
> Reporter: Gabriel Moreira
> Assignee: stephen mallette
> Priority: Minor
>
> I have setup Authorization in my Gremlin Server instances (v3.0.2), backended
> by Titan v1.0.0 and Cassandra.
> I am testing SimpleAuthenticator, with the following snippet from my
> gremlin-server.yaml:
> authentication: {
> className: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator,
> config: {
> credentialsDb: conf/tinkergraph-empty.properties,
> credentialsDbLocation: data/credentials.kryo}}
> ssl: {
> enabled: false}
> I am using the default serialization file of TinkerGraph credentials.kryo,
> with only the default user stephen/password.
> I am using Basic Auth in my requests to Gremlin Server, by passing the
> header "Authorization" with the value "Basic c3RlcGhlbjpwYXNzd29yZA==".
> Authorization works as expected. Therefore, the Gremlin Server becomes pretty
> slow! It takes 10x more time and consumes 5x more CPU (from 10% to 50%) to
> handle the same simple traversal Http POST request (below) in batch, compared
> to Gremlin Server with NO authorization!
> {
> "gremlin": "g.V().has('CONTENT','id', 'LinkPost:7330001').count()"
> }
> Is there a workaround to this?
> Ps. If there is a fix, could it be patched for version 3.0.2? I am limited to
> this version because I use Titan 1.0.0.
> Thanks.
> Gabriel Moreira
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
