Does jwt auth need to be verified for every request? #5996

chenws1012 · 2022-01-03T13:09:50Z

chenws1012
Jan 3, 2022

I think verifying every request will affect performance. may be cache the verified jwt for a period of time, such as not repeating the verification within 5 minutes.

tokers · 2022-01-04T00:53:19Z

tokers
Jan 4, 2022
Collaborator

Any idea about the enhancement after applying such a cache?

1 reply

chenws1012 Jan 4, 2022
Author

is Bloom filter OK？

chenws1012 · 2022-01-21T02:12:07Z

chenws1012
Jan 21, 2022
Author

Use guava's bloomFilter to avoid repeated verification of tokens to improve performance

@Component
@Scope("prototype")
public class CircleBloomFilter {


    private CopyOnWriteArrayList<BloomFilter<CharSequence>> filters;

    private static final long expectedInsertions = 10000 * 1000L;
    private static final double fpp = 0.000001;


    public CircleBloomFilter() {
        this.filters = new CopyOnWriteArrayList<>();
        filters.add(BloomFilter.create(Funnels.stringFunnel(StandardCharsets.UTF_8), expectedInsertions, fpp));
        doCircle();
    }

   // cache for 5 minutes
    private void doCircle() {
        new ScheduledThreadPoolExecutor(1, runnable -> {
            Thread thread = new Thread(runnable, "CircleBloomFilter");
            thread.setDaemon(true);
            return thread;
        }).scheduleAtFixedRate(() -> {
            this.filters.add(0, BloomFilter.create(Funnels.stringFunnel(StandardCharsets.UTF_8), expectedInsertions, fpp));
            if(filters.size() > 5){
                this.filters.remove(filters.size() -1);
            }
        }, 1, 1, TimeUnit.MINUTES);
    }

    public void put(String key){
        this.filters.get(0).put(key);
    }

    public Boolean exists(String key){
        Iterator<BloomFilter<CharSequence>> iterator = this.filters.iterator();

        while ( iterator.hasNext() ){
            if (iterator.next().mightContain(key)){
                return true;
            }
        }
        return false;
    }

}

Fake code

if (passedCircleBloomFilter.exists(token)){ 
    //pass
    return chain.filter(request, response);
}else{
    //do check
   if ( checkToken(token) ){
        //pass
       passedCircleBloomFilter.put(token);
       return chain.filter(request, response);
    }

}

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Does jwt auth need to be verified for every request? #5996

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Does jwt auth need to be verified for every request? #5996

Uh oh!

Uh oh!

chenws1012 Jan 3, 2022

Replies: 2 comments · 1 reply

Uh oh!

tokers Jan 4, 2022 Collaborator

Uh oh!

Uh oh!

chenws1012 Jan 4, 2022 Author

Uh oh!

Uh oh!

chenws1012 Jan 21, 2022 Author

chenws1012
Jan 3, 2022

Replies: 2 comments 1 reply

tokers
Jan 4, 2022
Collaborator

chenws1012 Jan 4, 2022
Author

chenws1012
Jan 21, 2022
Author