Tomcat 7 中更快的随机生成器
我遇到的问题是 Tomcat 7 启动速度非常慢。我在日志文件中发现了这一点:
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [12,367] milliseconds.
当然,安全性很重要,但在我的开发计算机上则不然。我完全可以使用标准的快速随机数生成器。所以我不需要这种慢得离谱的 SecureRandom 实现。
问题是:我怎样才能禁用它?搜索解决方案,但只找到一些有关可设置为 java.util.Random 的 randomClass 属性的已弃用信息。我还发现这个属性现在在 Tomcat 7 中似乎被命名为 secureRandomClass 。我尝试将其设置为 java.util.Random 但这失败了,因为 Tomcat 7 强制转换了对象到 java.util.SecureRandom (并且还记录了指定的类必须扩展 java.util.SecureRandom,因此不再可能使用 java.util.Random 来代替。)
那么我怎样才能得到摆脱这个极其缓慢的随机数生成器启动,以便我的开发 tomcat 尽可能快地启动/重新启动?
I have the problem that Tomcat 7 is terribly slow on startup. I found this in the log file:
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [12,367] milliseconds.
Security is important, sure, but not on my development machine. I could perfectly live with a standard fast random number generator. So I don't need this ridiculously slow SecureRandom implementation.
Question is: How can I disable it? Is searched for a solution but only found some deprecated info about a randomClass attribute which can be set to java.util.Random. I also found out that this attribute seems to be named secureRandomClass now in Tomcat 7. I tried to set it to java.util.Random but this fails because Tomcat 7 casts the object to java.util.SecureRandom (And it's also documented that the specified class must extend java.util.SecureRandom, so it's no longer possible to use java.util.Random instead.)
So how can I get rid of this terribly slow random number generator startup so my development tomcat starts/restarts as fast as possible?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
根据 TomCat Wiki,您可以使用非阻塞熵源:
“有一种方法可以配置 JRE 以使用非阻塞熵源 : -通过设置以下系统属性来阻止熵源:
-Djava.security.egd=file:/dev/./urandom"According to TomCat Wiki you can use non blocking entropy source:
"There is a way to configure JRE to use a non-blocking entropy source by setting the following system property:
-Djava.security.egd=file:/dev/./urandom"您可能需要在服务器上安装Haveged。
Tomcat 使用 SecureRandom 在启动时生成安全 id,SecureRandom 使用 /dev/random 或 /dev/urandom 生成随机数。
在某些无头 Linux 环境中,/dev/random 熵池可能会产生低质量的随机性,并且在生成随机数时响应非常慢。
有一篇很好的文章解释了 Haveged 如何解决这个问题。
如何设置-使用haveged的云服务器的附加熵
You might need to install Haveged on your server.
Tomcat is using SecureRandom to generate secure id on startup, and SecureRandom is using /dev/random or /dev/urandom to generate random number.
In some headless linux environment, /dev/random entropy pools might produce low quality of randomness and respond very slow on generating random number.
There is good article on explaining how Haveged can solve this problem.
how-to-setup-additional-entropy-for-cloud-servers-using-haveged
您可能需要修补 Tomcat。
尽管作为一种黑客,您总是可以尝试使用包装标准 java.util.Random 实例的东西来扩展 java.util.SecureRandom......这至少可以解决强制转换问题。
另一种想法......减速可能是由于熵池耗尽所致?您可能想尝试将更多的熵放入池中,这可能会使其运行得非常快。
You probably need to patch Tomcat.
Though as a hack, you could always try extending java.util.SecureRandom with something that wraps a standard java.util.Random instance....... this would get past the cast problem at least.
One other thought.... could the slowdown be due to an exhausted entropy pool? You might want to try getting more entropy into the pool, this might make it go really fast.
只需从
$JAVA_PATH/jre/lib/security/java.security文件中找到securerandom.source=...并将其更改为securerandom.source=file: /dev/./urandomhttps://stackoverflow.com/a/26432537/450586
just find
securerandom.source=...from$JAVA_PATH/jre/lib/security/java.securityfile and change it assecurerandom.source=file:/dev/./urandomhttps://stackoverflow.com/a/26432537/450586
老问题,但仍然存在......在我的例子中是嵌入式 Tomcat。
-Djava.security.egd=file:/dev/./urandom解决方案对我不起作用。所以我用谷歌搜索,直到理解这个问题,但在使用 lsof 进行一些测试后,很明显该解决方法不再有效。快速 查看代码确认当前实现忽略此系统属性。问题是 Tomcat 在
/dev/random上阻塞,因此我寻找向系统添加熵的方法,并发现 这个答案效果很好!在Debian中作为root:它可能不是超级安全,但在我看来对于会话id生成来说已经足够了。
顺便说一句,我最终使用了 Jetty。如果您不需要 Tomcat 的所有功能,速度会快得多。
Old problem, but still around... In my case with an embedded Tomcat.
The
-Djava.security.egd=file:/dev/./urandomsolution did not work for me. So I googled until understanding the issue, but after a few tests withlsofit was apparent that the workaround doesn't work anymore. A quick look at the code confirmed that the current implementation ignores this system property.The problem is Tomcat blocking on
/dev/random, so I looked for ways to add entropy to the system and found this answer which worked great! In Debian as root:It may not be as super-duper-secure, but in my opinion is more that enough for session id generation.
By the way, I ended up using Jetty. Much quicker if you don't need all the features of Tomcat.
如果您的硬件支持,请尝试使用 Java RdRand Utility,网址为:
http://code.google.com/p/lizalab-rdrand-util/
它基于 Intel 的 RDRAND 指令,比 SecureRandom 快约 10 倍,并且对于大批量实施不存在带宽问题。
完全公开,我是该实用程序的作者。
If your hardware supports it try using Java RdRand Utility available at:
http://code.google.com/p/lizalab-rdrand-util/
Its based on Intel's RDRAND instruction and is about 10 times faster than SecureRandom and no bandwidth issues for large volume implementation.
Full disclosure, I'm the author of the utility.