17.5.10 Security settings
This section discusses how various settings related to security affect performance. Refer to WAS V6: Security Handbook, SG24-6316 for more information about WebSphere Security.
When evaluating security for your environment, always keep the following steps in mind:
1. Analyze your security needs regarding authentication, authorization, and communication paths over which this information is exchanged.
2. Turn off security where you do not need it.
3. Make sure you do not sacrifice security for the sake of performance.
Disabling security
Security is a global setting. When security is enabled, performance may be decreased by up to 20%.
In the Administrative Console, select Security -> Global Security. The Enable global security and Enforce Java 2 security check boxes control global security settings.
Fine-tune the security cache timeout for the environment
If WAS security is enabled, the security cache timeout can influence performance. The timeout parameter specifies how often to refresh the security-related caches.
Security information pertaining to beans, permissions, and credentials is cached. When the cache timeout expires, all cached information becomes invalid. Subsequent requests for the information result in a database lookup. Sometimes, acquiring the information requires invoking an LDAP bind or native authentication. Both invocations are relatively costly operations.
Determine the best trade-off for the application by looking at usage patterns and security needs for the site.
Use the Administrative Console to change this value. To do so, select Security -> Global Security. Enter an appropriate value in seconds in the Cache Timeout field. The default is 600 seconds.
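The trade-off described above, as an added example (not code from this book or from WebSphere): a simplified model that counts costly registry lookups for a constructed request trace under different cache timeouts, and how long a cached entry can outlive a change in the registry. The trace, the function names, and the fixed refresh intervals starting at t=0 are assumptions.

```python
"""Simplified model of the security cache timeout trade-off (illustrative only)."""


def backend_lookups(requests, timeout):
    """Count costly lookups (LDAP bind, native authentication) for a trace.

    requests: list of (time_in_seconds, user), sorted by time.
    Model from the text: when the timeout expires, ALL cached entries
    become invalid, so the next request from each user is a cache miss.
    """
    cached = set()
    interval = None
    misses = 0
    for t, user in requests:
        current = t // timeout       # index of the current refresh interval
        if current != interval:      # timeout expired: whole cache is invalid
            cached.clear()
            interval = current
        if user not in cached:       # miss: go to the registry, then cache
            misses += 1
            cached.add(user)
    return misses


def stale_seconds(changed_at, timeout):
    """Seconds a cached entry can still be served after the registry changed
    (for example a revoked permission), i.e. until the next invalidation."""
    return timeout - (changed_at % timeout)


def constructed_trace(users=50, duration=3600, every=30):
    """Constructed sample load: every user sends one request each `every` s."""
    return [(t, "user%d" % u)
            for t in range(0, duration, every)
            for u in range(users)]


def compare(timeouts=(60, 600, 3600)):
    """Map each timeout to the number of registry lookups it causes."""
    trace = constructed_trace()
    return {t: backend_lookups(trace, t) for t in timeouts}


if __name__ == "__main__":
    total = len(constructed_trace())
    for timeout, lookups in sorted(compare().items()):
        print("timeout=%5ds  lookups=%5d of %d requests  worst-case stale=%ds"
              % (timeout, lookups, total, timeout))
```

In this model a longer timeout reduces registry lookups, but a change made in the registry is not seen until the next refresh, up to one full timeout later.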