Skip to content

Performance degraded when concurrent requests are using the same user #34054

New issue
New issue
Closed
#33981
Closed
Performance degraded when concurrent requests are using the same user#34054
#33981
Assignees
jhanders34
Labels
performancerelease bugThis bug is present in a released version of Open Liberty
@jhanders34

Description

@jhanders34
jhanders34
opened on Feb 11, 2026

Describe the bug
When concurrent requests to Liberty use the same user to authenticate, operations against the Subject generated can bottleneck on the same Subject when using the builtin authentication cache.

Same stack from a thread dump showing where applications are bottlenecked is:

 at javax.security.auth.Subject$ClassSet.<init>(Ljavax/security/auth/Subject;ILjava/lang/Class;)V (Subject.java:1667(Compiled Code))
 at javax.security.auth.Subject.getPublicCredentials(Ljava/lang/Class;)Ljava/util/Set; (Subject.java:910(Compiled Code))
 at com.ibm.websphere.security.auth.WSSubject.getWSCredential(Ljavax/security/auth/Subject;)Lcom/ibm/websphere/security/cred/WSCredential; (WSSubject.java:625(Compiled Code))

Steps to Reproduce
Run concurrent requests against a Liberty server with authentication enabled and the in memory authentication cache enabled and use the same user for each of the requests.

Expected behavior
Concurrent requests with the same user, should be able to run concurrently and not get bottlenecked on each other.

Diagnostic information:

  • OpenLiberty Version: 8.5.5 - 26.0.0.2
  • Java Version: All

Additional context
This problem can be worked around by disabling the authentication cache, but that can lead to other performance problems.

Metadata

Metadata

Assignees

Labels

performancerelease bugThis bug is present in a released version of Open Liberty

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions