Jose Miguel created WW-5630:
-------------------------------
Summary: Performance Issue SecurityMemberAccess
Key: WW-5630
URL: https://issues.apache.org/jira/browse/WW-5630
Project: Struts 2
Issue Type: Bug
Components: Value Stack
Environment: Payara 7
Reporter: Jose Miguel
Attachments: image-2026-05-20-16-37-00-000.png
The Security hardening introduced some performance issues in a system
multibranch (payara) where one single action is used to process thousand of
files per minute. The action is using exctly same calls, parameters, and
classes every call.
Every call is loading classes, so, blocks the ClassLoader as can be seen in JDK
Mission Control.
There's no way to avoid this issue, played with several confi parameters, with
no luck.
Checking code, is not cached, it's suggested to cache The validation of
classes, to avoid validate again and again the same class. the classes mostly
validated again and again are: java.lang.Process
org.apache.struts2.ActionContext
java.lang.Runtime
java.lang.Thread
java.lang.ThreadLocal
public static Set<Class<?>> validateClasses(Set<String> classNames, ClassLoader
validatingClassLoader) throws ConfigurationException {
Set<Class<?>> classes = new HashSet<>();
for (String className : classNames) {
try {
classes.add(validatingClassLoader.loadClass(className));
} catch (ClassNotFoundException e) {
throw new ConfigurationException("Cannot load class for exclusion/exemption
configuration: " + className, e);
}
}
return classes;
}
!image-2026-05-20-16-37-00-000.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
