
Custom permission evaluator in Spring Boot - Performance & Optimization

Performance: Custom permission evaluator
MEDIUM IMPACT
This affects the speed of authorization checks during user interactions, impacting input responsiveness and overall user experience.
Checking user permissions for each secured method call
Spring Boot
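import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
    // Use the permissions already loaded into the Authentication object (no database call)
    Set<String> permissions = auth.getAuthorities().stream()
        .map(GrantedAuthority::getAuthority)
        .collect(Collectors.toSet());
    // A permission that is not a String can never be in the set, so it is denied
    return permissions.contains(permission);
}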
Avoids repeated database calls by using cached permissions, reducing latency in permission evaluation.
📈 Performance Gain: reduces permission check time to under 1ms, improving input responsiveness
Checking user permissions for each secured method call
Spring Boot
public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
    // Heavy database call on every permission check
    User user = userRepository.findByUsername(auth.getName());
    return user.getPermissions().contains(permission);
}
This pattern triggers a database query on every permission check, causing delays and blocking user interactions.
📉 Performance Cost: blocks rendering for 50-100ms per check depending on DB latency
Performance Comparison
| Pattern | DB Calls | Permission Checks | Latency Impact | Verdict |
|---|---|---|---|---|
| Direct DB call per check | Multiple per request | High | 50-100ms delay per check | [X] Bad |
| Cached permissions in Authentication | None after login | Low | Under 1ms per check | [OK] Good |
Rendering Pipeline
Custom permission evaluation happens during request processing before rendering. Slow permission checks delay response generation, affecting interaction responsiveness.
Request Handling → Authorization Check → Response Generation
⚠️ Bottleneck: Authorization Check stage, due to expensive permission lookups
Core Web Vital Affected
INP
Optimization Tips
1. Avoid database calls inside permission evaluators on every request.
2. Cache user permissions in the security context or Authentication object.
3. Measure authorization latency to ensure it does not block user interactions.
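A complete evaluator following the three tips above, as an added example that is not code from the original page: it answers from the authorities already held in the Authentication and records each check's duration in a Micrometer timer. The class name and the metric name security.permission.check are assumptions, and registering the evaluator with the method-security expression handler is not shown.

```java
import java.io.Serializable;
import java.util.concurrent.TimeUnit;
import io.micrometer.core.instrument.MeterRegistry;
import io.micrometer.core.instrument.Timer;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

// Added example: class name and metric name are assumptions, not from the page.
public class AuthorityPermissionEvaluator implements PermissionEvaluator {

    private final Timer checkTimer;

    public AuthorityPermissionEvaluator(MeterRegistry registry) {
        // Tip 3: one timer for all permission checks (hypothetical metric name)
        this.checkTimer = registry.timer("security.permission.check");
    }

    @Override
    public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
        long start = System.nanoTime();
        try {
            return holdsAuthority(auth, permission);
        } finally {
            // Recorded on every path, including denials
            checkTimer.record(System.nanoTime() - start, TimeUnit.NANOSECONDS);
        }
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable targetId, String targetType,
                                 Object permission) {
        // Like the page's snippet, the decision depends only on the caller's authorities
        return hasPermission(auth, targetId, permission);
    }

    // Tips 1 and 2: no repository access, only the authorities loaded at login.
    // Deny by default for a missing or unauthenticated caller or a non-String permission.
    private static boolean holdsAuthority(Authentication auth, Object permission) {
        if (auth == null || !auth.isAuthenticated() || !(permission instanceof String)) {
            return false;
        }
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (permission.equals(granted.getAuthority())) {
                return true;
            }
        }
        return false;
    }
}
```

The authorities are a snapshot taken at login, so a permission revoked in the database stays effective until the session ends or the Authentication is rebuilt; keep sessions short or invalidate them when permissions change.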
Performance Quiz - 3 Questions
Test your performance knowledge
What is the main performance issue with querying the database on every permission check?
A. It improves security by always checking fresh data
B. It reduces memory usage
C. It causes repeated blocking calls that increase request latency
D. It speeds up rendering by preloading data
DevTools: Spring Boot Actuator / Application Logs
How to check: Enable debug logging for security and monitor logs for permission evaluation duration; use Actuator metrics to track request latency.
What to look for: Look for long delays in authorization logs or high request processing times indicating slow permission checks.