Add notes about synchronization and performance

jchambers · jchambers · commit d7b64353c700 · 2022-03-09T09:49:42.000-05:00
diff --git a/README.md b/README.md
@@ -63,6 +63,12 @@ Current password: 164092
 Future password:  046148
 ```
 
+## Performance and best practices
+
+One-time password generators are thread-safe and reusable. Generally, applications should treat one-time password generator instances as long-lived resources.
+
+The password-generating methods in a one-time password generator are `synchronized`. In multi-threaded applications that make heavy use of a shared one-time password generator instance, synchronization may become a performance bottleneck. In that case, callers may benefit from using one instance per thread (for example, by using a [`ThreadLocal`](https://docs.oracle.com/javase/8/docs/api/java/lang/ThreadLocal.html)).
+
 ## License and copyright
 
 java-otp is published under the [MIT License](https://opensource.org/licenses/MIT).
diff --git a/src/main/java/com/eatthepath/otp/HmacOneTimePasswordGenerator.java b/src/main/java/com/eatthepath/otp/HmacOneTimePasswordGenerator.java
@@ -32,7 +32,11 @@
  * <p>Generates HMAC-based one-time passwords (HOTP) as specified in
  * <a href="https://tools.ietf.org/html/rfc4226">RFC&nbsp;4226</a>.</p>
  *
- * <p>{@code HmacOneTimePasswordGenerator} instances are thread-safe and may be shared between threads.</p>
+ * <p>{@code HmacOneTimePasswordGenerator} instances are thread-safe and may be shared between threads. Note that the
+ * {@link #generateOneTimePassword(Key, long)} method (and its relatives) are {@code synchronized}; in multi-threaded
+ * applications that make heavy use of a shared {@code HmacOneTimePasswordGenerator} instance, synchronization may
+ * become a performance bottleneck. In that case, callers may benefit from using one
+ * {@code HmacOneTimePasswordGenerator} instance per thread (for example, with a {@link ThreadLocal}).</p>
  *
  * @author <a href="https://github.com/jchambers">Jon Chambers</a>
  */
diff --git a/src/main/java/com/eatthepath/otp/TimeBasedOneTimePasswordGenerator.java b/src/main/java/com/eatthepath/otp/TimeBasedOneTimePasswordGenerator.java
@@ -31,7 +31,11 @@
  * <p>Generates time-based one-time passwords (TOTP) as specified in
  * <a href="https://tools.ietf.org/html/rfc6238">RFC&nbsp;6238</a>.</p>
  *
- * <p>{@code TimeBasedOneTimePasswordGenerator} instances are thread-safe and may be shared between threads.</p>
+ * <p>{@code TimeBasedOneTimePasswordGenerator} instances are thread-safe and may be shared between threads. Note that
+ * the {@link #generateOneTimePassword(Key, Instant)} method (and its relatives) are {@code synchronized}; in
+ * multi-threaded applications that make heavy use of a shared {@code TimeBasedOneTimePasswordGenerator} instance,
+ * synchronization may become a performance bottleneck. In that case, callers may benefit from using one
+ * {@code TimeBasedOneTimePasswordGenerator} instance per thread (for example, with a {@link ThreadLocal}).</p>
  *
  * @author <a href="https://github.com/jchambers">Jon Chambers</a>
  */

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,11 @@`
`32`	`32`	`* <p>Generates HMAC-based one-time passwords (HOTP) as specified in`
`33`	`33`	`* <a href="https://tools.ietf.org/html/rfc4226">RFC 4226</a>.</p>`
`34`	`34`	`*`
`35`		`- * <p>{@code HmacOneTimePasswordGenerator} instances are thread-safe and may be shared between threads.</p>`
	`35`	`+ * <p>{@code HmacOneTimePasswordGenerator} instances are thread-safe and may be shared between threads. Note that the`
	`36`	`+ * {@link #generateOneTimePassword(Key, long)} method (and its relatives) are {@code synchronized}; in multi-threaded`
	`37`	`+ * applications that make heavy use of a shared {@code HmacOneTimePasswordGenerator} instance, synchronization may`
	`38`	`+ * become a performance bottleneck. In that case, callers may benefit from using one`
	`39`	`+ * {@code HmacOneTimePasswordGenerator} instance per thread (for example, with a {@link ThreadLocal}).</p>`
`36`	`40`	`*`
`37`	`41`	`* @author <a href="https://github.com/jchambers">Jon Chambers</a>`
`38`	`42`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,11 @@`
`31`	`31`	`* <p>Generates time-based one-time passwords (TOTP) as specified in`
`32`	`32`	`* <a href="https://tools.ietf.org/html/rfc6238">RFC 6238</a>.</p>`
`33`	`33`	`*`
`34`		`- * <p>{@code TimeBasedOneTimePasswordGenerator} instances are thread-safe and may be shared between threads.</p>`
	`34`	`+ * <p>{@code TimeBasedOneTimePasswordGenerator} instances are thread-safe and may be shared between threads. Note that`
	`35`	`+ * the {@link #generateOneTimePassword(Key, Instant)} method (and its relatives) are {@code synchronized}; in`
	`36`	`+ * multi-threaded applications that make heavy use of a shared {@code TimeBasedOneTimePasswordGenerator} instance,`
	`37`	`+ * synchronization may become a performance bottleneck. In that case, callers may benefit from using one`
	`38`	`+ * {@code TimeBasedOneTimePasswordGenerator} instance per thread (for example, with a {@link ThreadLocal}).</p>`
`35`	`39`	`*`
`36`	`40`	`* @author <a href="https://github.com/jchambers">Jon Chambers</a>`
`37`	`41`	`*/`