Acegi Security System for Spring benchmark

I’ve recently used Acegi for a simple application and as I wanted to know how
much it loads the webapp I used JMeter to benchmark it. I’ve just spent less
than 30 min. to setup everything, so yake it as is, just a small idea of what
involves adding the Acegi filters to process the requests.

What I have used:

  • Tomcat 4.0.6
  • Acegi 0.7.0
  • JMeter 2.0.2

Acegi filters defined in web.xml:

  • A ProcessingFilter made by myself
  • HttpSessionIntegrationFilter
  • SecurityEnforcementFilter

Here there are the results of three tries, each one with the number of threads,
the ramp-up (delay between threads in seconds), and the loops (number of times
the test was executed). The url tested was not secured.

threads ramp-up loop  
50 1 10  
  average (ms.) deviation (ms.)  
Using Acegi 107 47 15%
Not using Acegi 93 82

threads ramp-up loop  
50 1 100  
average (ms.) deviation (ms.)  
Using Acegi 233 137 13%
Not using Acegi 206 125

threads ramp-up loop  
5 1 1000  
  average (ms.) deviation (ms.)  
Using Acegi 15 12 67%
Not using Acegi 9 12

You can see that the overhead of using Acegi is about 14% increase of access
time in every page when the load is high. When it’s low, the overhead is
higher, but not relevant.

3 thoughts on “Acegi Security System for Spring benchmark

  1. Thanks for the info Carlos, we were going to run that ourselves to see what’s up. I wonder if you take the same thing and run it with Tomcat 5.0.29 if that performance is improved, after all Tomcat 4 was not known for solid performance.


  2. I didn’t use other filters, the requested url was a simple jsp page with no logic, and the AuthenticationProvider was made by myself, but it doesn’t matter as it’s not called (the / url is not secured).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s