When deploying the project, I found that the startup was very slow, and it took several minutes. This was abnormal, and there was no error in the log. The following information was found in the log.

Tomcat is slow to start

Log4j:[2015-10-29 15:47:11] INFO ReadProperty:172 - Loading properties file from class path resource [resources/jdbc.properties]
Log4j:[2015-10-29 15:47:11] INFO ReadProperty:172 - Loading properties file from class path resource [resources/common.properties]
29-Oct-2015 15:52:53.587 INFO [localhost-startStop-1] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [342,445] milliseconds.

Why

Tomcat 7/8 uses org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom to create the SecureRandom instance that generates session IDs. Here that call took 342 seconds, which is close to six minutes.

SHA1PRNG is a pseudorandom number generator with high security, based on the SHA-1 algorithm.

SHA1PRNG has a seed generator whose behavior depends on the configuration.

  • If the java.security.egd property or the securerandom.source property specifies "file:/dev/random" or "file:/dev/urandom", the JVM uses the native seed generator, NativeSeedGenerator. It calls super(), which calls SeedGenerator.URLSeedGenerator(/dev/random) to initialize.
  • If the java.security.egd property or the securerandom.source property specifies another existing URL, SeedGenerator.URLSeedGenerator(url) is called to initialize.

That is why setting the value to "file:///dev/urandom" or "file:/./dev/random" works: neither string is one of the two exact values in the first case, so the second case applies and the seed is read from the URL that was given.

In this implementation, the generator estimates the amount of noise in the entropy pool, and random numbers are created from that pool. When read, the /dev/random device returns only random bytes drawn from the noise in the entropy pool. /dev/random is well suited to scenarios that require very high quality randomness, such as one-off payments or key generation.

When the entropy pool is empty, reads from /dev/random block until the pool has collected enough ambient noise. The goal is a cryptographically secure pseudorandom number generator that takes as much of its output as possible from the entropy pool. This is what you want when generating high-quality encryption keys or anything that requires long-term protection.

  • So what is ambient noise?

The random number generator collects ambient noise from device drivers and other sources and puts it into an entropy pool. The generator estimates the amount of noise in the pool. When the pool is empty, collecting more noise takes time. This means that Tomcat can be blocked for a long time when it relies on the entropy pool in a production environment.

Solution

  • In the Tomcat environment

A non-blocking entropy source can be used by configuring the JRE:

-Djava.security.egd=file:/dev/./urandom

After this option is added to Tomcat, the startup time drops to: Server startup in 2912 ms.

  • Resolve in the JVM environment

Open the file $JAVA_PATH/jre/lib/security/java.security and find the following line:

securerandom.source=file:/dev/urandom

Replace it with:

securerandom.source=file:/dev/./urandom
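
To confirm which seed source a JVM actually resolves and whether seeding blocks, the following added example (not from the original post and not Tomcat code) times the first SHA1PRNG output, the step that Tomcat reports in the log line above. The class name SeedSourceCheck, the 16-byte read and the 1000 ms threshold are assumptions made for this example.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;

// Added diagnostic, not Tomcat code: reports the configured seed source and
// times the first SHA1PRNG output.
public class SeedSourceCheck {

    // The java.security.egd system property is consulted first; the
    // securerandom.source entry in java.security is the fallback.
    static String effectiveSource() {
        String egd = System.getProperty("java.security.egd");
        if (egd != null && !egd.isEmpty()) {
            return egd;
        }
        return Security.getProperty("securerandom.source");
    }

    // getInstance() is cheap. SHA1PRNG seeds itself lazily, so the first
    // nextBytes() call is where a blocking seed source becomes visible.
    static long timeFirstBytesMillis() throws NoSuchAlgorithmException {
        long start = System.nanoTime();
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        random.nextBytes(new byte[16]); // 16 bytes: arbitrary size for this example
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        long warnAfterMillis = 1000; // assumed threshold for this example
        String source = effectiveSource();
        long elapsed = timeFirstBytesMillis();
        System.out.println("seed source : " + source);
        System.out.println("first bytes : " + elapsed + " ms");
        if (elapsed > warnAfterMillis) {
            System.out.println("seeding blocked; rerun with "
                + "-Djava.security.egd=file:/dev/./urandom to compare");
        }
    }
}
```

Run it on the affected host once with the default settings and once with `-Djava.security.egd=file:/dev/./urandom`; a large gap between the two timings points to the blocking seed source described above.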

From blog.csdn.net/chszs/artic…