Below is the spring-security-oauth2-2.x.x endpoint for validating the access token.
curl -v -H 'Accept: application/json' -H 'Authorization: Basic NTIyNDM0OWYtYmNlMy00NTMwLWEwMTgtNmU4YWVkM2JiMzhlOm15LXNlY3JldC1rZXk=' -X GET 'http://127.0.0.1:8110/oauth/check_token?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsib2F1dGgyLXJlc291cmNlIl0sInVzZXJfbmFtZSI6Im1heWFuayIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJleHAiOjE1OTA5MDIzNDIsImF1dGhvcml0aWVzIjpbIlJPTEVfU1RVREVOVCJdLCJqdGkiOiIwMjE1ZTVjMS1hNjExLTRlNzctYmI1MS0zY2U2ZTU5MThlMTMiLCJjbGllbnRfaWQiOiI2ZTA1ZDk5My1kNTQ0LTRkYzktYWVjOC05NTc5MGY3NGUxOWEifQ.vWdTPTER6dhMaaPZTo1x0ApJzoaLs5pUpJBRR77Tfqs'
This API is taking more than 1 sec. We are using JDBC, not the InMemory, but this is not related to the database because we have few entries in the DB. I've tried to debug the code but did not find any clue to the problem.
Below are my findings on where it is taking so much time:
2020-05-19 12:25:41.673 DEBUG 26520 --- [nio-8110-exec-1] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2020-05-19 12:25:42.632 DEBUG 26520 --- [nio-8110-exec-1] o.s.b.f.s.DefaultListableBeanFactory : Creating shared instance of singleton bean 'scopedTarget.clientDetailsService'
2020-05-19 12:25:42.830 DEBUG 26520 --- [nio-8110-exec-1] o.s.jdbc.core.JdbcTemplate : Executing prepared SQL query
2020-05-19 12:25:42.831 DEBUG 26520 --- [nio-8110-exec-1] o.s.jdbc.core.JdbcTemplate : Executing prepared SQL statement [select client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove from oauth_client_details where client_id = ?]
2020-05-19 12:25:42.831 DEBUG 26520 --- [nio-8110-exec-1] o.s.jdbc.datasource.DataSourceUtils : Fetching JDBC Connection from DataSource
2020-05-19 12:25:43.680 DEBUG 26520 --- [nio-8110-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Authentication success: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@647b2ff0: Principal: org.springframework.security.core.userdetails.User@9b84454a: Username: 5224349f-bce3-4530-a018-6e8aed3bb38e; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities
My further finding on this: the line below is taking the time.
Class: org.springframework.security.authentication.dao.DaoAuthenticationProvider
Line No: 90
if (!passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
So it seems this is because of passwordEncoder: it first converts our password, and that is where it's taking time. Can anyone please suggest how to solve this? I don't need a complex algorithm for password storage.
This is what we are using:
@Autowired
@Qualifier("bCryptPasswordEncoder")
private BCryptPasswordEncoder bCryptPasswordEncoder;
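
One way to measure how much latency the `passwordEncoder.matches` call contributes, as an added example that is not part of the original post: it times `BCryptPasswordEncoder.matches` against hashes of several cost factors and reads the cost out of each stored hash. The class name, the sample secret and the chosen strengths are assumptions, and it needs spring-security-crypto on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptCostTiming {

    // Read the cost factor out of a bcrypt hash such as "$2a$10$...".
    // Returns -1 when the value does not look like a bcrypt hash.
    static int costOf(String hash) {
        String[] parts = hash.split("\\$");
        if (parts.length < 4 || !parts[1].startsWith("2")) {
            return -1;
        }
        try {
            return Integer.parseInt(parts[2]);
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    // Average wall-clock time of matches() in milliseconds over `rounds` calls.
    static double averageMatchMillis(BCryptPasswordEncoder encoder,
                                     String secret, String hash, int rounds) {
        long start = System.nanoTime();
        for (int i = 0; i < rounds; i++) {
            if (!encoder.matches(secret, hash)) {
                throw new IllegalStateException("secret did not match its own hash");
            }
        }
        return (System.nanoTime() - start) / 1_000_000.0 / rounds;
    }

    public static void main(String[] args) {
        String secret = "constructed-sample-secret"; // constructed value, not from the page
        // The verifying encoder keeps the default strength (10) on purpose.
        BCryptPasswordEncoder verifier = new BCryptPasswordEncoder();
        for (int strength : new int[] {4, 8, 10, 12}) {
            String hash = new BCryptPasswordEncoder(strength).encode(secret);
            verifier.matches(secret, hash); // warm-up call, excluded from timing
            double ms = averageMatchMillis(verifier, secret, hash, 3);
            System.out.printf("stored cost=%2d  matches() avg=%8.1f ms%n",
                    costOf(hash), ms);
        }
    }
}
```

The cost that matters is the one embedded in the stored `client_secret` hash: `matches` reuses it regardless of the strength the verifying encoder was constructed with, so comparing `costOf` on the database value against these timings shows how much of the delay the encoder explains.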