Monthly Archives: July 2014

Adding Spring Security users in bulk (in Grails)

Earlier this week I was at a client trying to help them diagnose some issues with a CSV import process. I was of course aware of Ted Naleid’s seminal blog post on bulk updates in Grails, and the issues mentioned there seemed the most likely culprits. Unfortunately, it didn’t turn out nearly as straightforward as I’d hoped.

We started with VisualVM, looking for any obvious problems with the memory usage. Nothing showed up, and in fact the import wasn’t creating a lot of records anyway. We progressed on to JProfiler and P6Spy, hoping to see some hotspots in the code or particularly slow queries. We did identify a couple of places that seemed to be taking the majority of the time, but it still wasn’t clear to me whether the issue was in code, Grails, Hibernate, or the database.

That day we implemented a workaround that shifted some work into a background thread using the Platform Core event bus. This was a reasonable thing to do anyway, considering the requirements of the business logic. Yet I was left still wondering why certain parts of the import process were fundamentally slow.

It bugged me enough that I decided to investigate one of the major culprits of the slow import: the Spring Security Core plugin’s UserRole.create() method. Perhaps I could reproduce the problem in a small project without the complexity of the client project. It seemed simple enough to be worth a try. And so I created a new Grails 2.3.7 project with Spring Security Core installed and the following controller action:

def createUsers()
    def startTime = System.currentTimeMillis()
    def roles = (0..<60).collect {
        new Role(authority: RandomStringUtils.randomAlphabetic(12)).save()
    def users = (0..<100).collect {
        new User(
                username: RandomStringUtils.randomAlphabetic(12),
                password: RandomStringUtils.randomAscii(20)).save()
    for (r in roles) {
        for (u in users) {
            UserRole.create u, r, false

    println "Total: ${(System.currentTimeMillis() - startTime) / 1000} s"

    redirect uri: "/"

To my relief, this took more than 30 seconds to complete on the first run. That seemed a lot slower than it should considering it’s only creating a total of 760 records. There was obviously some underlying issue here that I wasn’t seeing. I tried to clear and flush the session every 20 iterations, but that didn’t have a significant impact.

My next step was to simply create 760 Role records and then, independently, 760 User records. Both of these only took a few seconds. So what was special about UserRole? Why did its creation seem to be so expensive? I wanted to eliminate the database as a problem, so I tried using Groovy SQL (basically native JDBC) for the UserRole persistence. The total time dropped to a few seconds. So not the database then.

A Google search brought up another blog post on inserting data via Grails, by Marc Silverboard. In addition to using native JDBC, he suggests using a Hibernate stateless session. This sounded like an interesting possibility, so I shoe-horned it into my test action:

def createUsers()
    def session = sessionFactory.openStatelessSession()
    def tx = session.beginTransaction()
    def counter = 0
    for (r in roles) {
        for (u in users) {
            session.insert(new UserRole(user: u, role: r))
            if (counter % 20 == 0) {

It’s certainly uglier code, partly as I decided to do batch flushing every 20 rows (I also configured Hibernate’s JDBC batch size to 20). The results were worth it: the total import time came down to just 1 second! Obviously the issue was Hibernate’s caching in the session. Conundrum solved. I was still left wondering why the caching was such an issue only for UserRole, but that was a question for another time.

It would have been easy to stop at this point and bask in the glow of a job well done. Unfortunately, that’s not really me. With my engineering background, I did wonder whether the new code was bypassing more than just Hibernate’s caching. And then I remembered validation. Could validation be the real issue? In order to isolate that particular feature, I reverted all the code back to its original state and then modified the UserRole.create() method to use the validate: false option. I restarted the server and then clicked on the link that triggered the user creation. 10 seconds! I did it again. 6 seconds. After a few more times it settled down at just under 4 seconds. Wow.

Why is validation such an issue on UserRole? I have no idea. I did give deepValidate: false a go, but it didn’t show nearly as big an improvement as switching off validation completely. Maybe one of my readers understand what’s going on and can provide us with the answer. Or perhaps not knowing will bug me enough to get me looking deeper. But for now, I just want to summarise my findings:

  • Grails and Hibernate have a lot of moving parts – it can be hard to diagnose issues
  • You really do need to invest some quality time and rigour for any diagnosis phase
  • Hibernate stateless sessions are work investigating for any bulk inserts
  • Validation could be a significant hidden problem – try disabling it

I think in this case, the drop from 4s to 1s may make it worthwhile using a stateless session. But in either case, be sure you can do without the validation! And I hope this helps you with your own GORM bulk insertions, either with the diagnosis or the solution.

Going solo

As the dust settles from the launch of the second edition of Grails in Action, it’s now time to shift focus to other things. I genuinely hope that the book proves a valuable companion to all you Grails developers out there, but it’s been a draining experience. I’ve provided a handy link to the book in the sidebar.

The first step has already been taken: I have my website up and running! That formally announces my availability for consulting and training in both Groovy and Grails, technologies I’ve been involved with for about 8 years now. I plan to extend my offerings to Gradle as well, a tool I believe will become dominant in the area of building software as it has the power, flexibility and accessibility to deal with the all the different requirements of the many builds out there.

A longer term goal of mine is to produce online learning material, both free and paid, to help users of all technologies I favour. This work will appear throughout the year and I’ll announce it through Twitter, Google+ and of course this blog.

Don’t worry though, I’ll still be contributing to open source and keeping the Groovy Podcast trucking along!