Return-Path: Delivered-To: apmail-hc-dev-archive@www.apache.org Received: (qmail 79076 invoked from network); 27 Jan 2011 04:53:09 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 27 Jan 2011 04:53:09 -0000 Received: (qmail 61871 invoked by uid 500); 27 Jan 2011 04:53:09 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 61668 invoked by uid 500); 27 Jan 2011 04:53:06 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 61660 invoked by uid 99); 27 Jan 2011 04:53:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Jan 2011 04:53:05 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Jan 2011 04:53:04 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id p0R4qiFf019095 for ; Thu, 27 Jan 2011 04:52:44 GMT Message-ID: <25036625.232041296103964103.JavaMail.jira@thor> Date: Wed, 26 Jan 2011 23:52:44 -0500 (EST) From: "Kennard Consulting (JIRA)" To: dev@hc.apache.org Subject: [jira] Updated: (HTTPCLIENT-1048) PostMethod very slow 'out of the box' for /j_security_check In-Reply-To: <17815809.230401296094244313.JavaMail.jira@thor> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HTTPCLIENT-1048?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kennard Consulting updated HTTPCLIENT-1048: ------------------------------------------- Description: First, thanks for an awesome piece of work in HttpClient. I use it every day and it is very useful to me. HttpClient's default settings include adding an... Expect: 100-continue ...header to every PostMethod. This seems to interact poorly with Tomcat's (and possibly other Java EE containers) FormAuthenticator. I tested on both Tomcat 6 and JBoss 5.1.0 (which I believe uses a fork of Tomcat). Testing both with/without the 'Expect' header I see '/j_security_check' login times of: With Expect header: 2012ms Without Expect header: 8ms So the default is some 250x slower. This is without a database or any other complicating factors. It can make a dramatic difference if you are using HttpClient to simulate logging in and retrieving information. I include a test WAR. To deploy it: 1. Copy into /webapps 2. Edit conf/tomcat-users.xml to enable the tomcat/tomcat username/password 3. Run Tomcat 4. Hit http://localhost:8080/ExpectTest 5. Log in as tomcat/tomcat 6. Hit 'Start Test' The issue can be worked around by removing the RequestExpectContinue interceptor, but it takes a lot of digging through code to realise this. Otherwise you may simply conclude 'HttpClient is slow'. According to the HTTP spec (http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html#sec8.2.3), the 100 header "allows a client that is sending a request message with a request body to determine if the origin server is willing to accept the request (based on the request headers) before the client sends the request body. In some cases, it might either be inappropriate or highly inefficient for the client to send the body if the server will reject the message without looking at the body". So perhaps this setting should only apply for 'large' POST bodies, not for simple 'j_username=Foo&j_password=Bar' bodies? Regards, Richard was: First, thanks for an awesome piece of work in HttpClient. I use it every day and it is very useful to me. HttpClient's default settings include adding an... Expect: 100-continue ...header to every PostMethod. This seems to interact poorly with Tomcat's (and possibly other Java EE containers) FormAuthenticator. I tested on both Tomcat 6 and JBoss 5.1.0 (which I believe uses a fork of Tomcat). Testing both with/without the 'Expect' header I see '/j_security_check' login times of: With Expect header: 2012ms Without Expect header: 8ms So the default is some 250x slower. This is without a database or any other complicating factors. It can make a dramatic difference if you are using HttpClient to simulate logging in and retrieving information. I include a test WAR. To deploy it: 1. Copy into /webapps 2. Edit conf/tomcat-users.xml to enable the tomcat/tomcat username/password 3. Run Tomcat 4. Hit http://localhost:8080/ExpectTest 5. Log in as tomcat/tomcat 6. Hit 'Start Test' The issue can be worked around by removing the RequestExpectContinue interceptor, but it takes a lot of digging through the code to realise this. According to the HTTP spec (http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html#sec8.2.3), the 100 header "allows a client that is sending a request message with a request body to determine if the origin server is willing to accept the request (based on the request headers) before the client sends the request body. In some cases, it might either be inappropriate or highly inefficient for the client to send the body if the server will reject the message without looking at the body". So perhaps this setting should only apply for 'large' POST bodies, not for simple 'j_username=Foo&j_password=Bar' bodies? Regards, Richard > PostMethod very slow 'out of the box' for /j_security_check > ----------------------------------------------------------- > > Key: HTTPCLIENT-1048 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1048 > Project: HttpComponents HttpClient > Issue Type: Bug > Affects Versions: 4.0.3 > Environment: Java 6, Tomcat 6, JBoss 5.1 > Reporter: Kennard Consulting > Attachments: ExpectTest.war > > > First, thanks for an awesome piece of work in HttpClient. I use it every day and it is very useful to me. > HttpClient's default settings include adding an... > Expect: 100-continue > ...header to every PostMethod. This seems to interact poorly with Tomcat's (and possibly other Java EE containers) FormAuthenticator. I tested on both Tomcat 6 and JBoss 5.1.0 (which I believe uses a fork of Tomcat). Testing both with/without the 'Expect' header I see '/j_security_check' login times of: > With Expect header: 2012ms > Without Expect header: 8ms > So the default is some 250x slower. This is without a database or any other complicating factors. It can make a dramatic difference if you are using HttpClient to simulate logging in and retrieving information. > I include a test WAR. To deploy it: > 1. Copy into /webapps > 2. Edit conf/tomcat-users.xml to enable the tomcat/tomcat username/password > 3. Run Tomcat > 4. Hit http://localhost:8080/ExpectTest > 5. Log in as tomcat/tomcat > 6. Hit 'Start Test' > The issue can be worked around by removing the RequestExpectContinue interceptor, but it takes a lot of digging through code to realise this. Otherwise you may simply conclude 'HttpClient is slow'. > According to the HTTP spec (http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html#sec8.2.3), the 100 header "allows a client that is sending a request message with a request body to determine if the origin server is willing to accept the request (based on the request headers) before the client sends the request body. In some cases, it might either be inappropriate or highly inefficient for the client to send the body if the server will reject the message without looking at the body". So perhaps this setting should only apply for 'large' POST bodies, not for simple 'j_username=Foo&j_password=Bar' bodies? > Regards, > Richard -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org