Tune authorization

To tune the authorization process, consider the following steps:

  1. Consider mapping your users to groups in the user registry. Then, associate the groups with your J2EE roles. This association greatly improves performance as the number of users increases.

  2. Judiciously assign method-permissions for enterprise beans. When all the methods in an enterprise bean require the same permission, you can use an asterisk (*) in the method-name element to indicate all methods. This indication reduces the size of the deployment descriptor and hence reduces the memory required to load the deployment descriptor. It also reduces the search time during the method-permission match for an enterprise bean method.

  3. Judiciously assign security-constraints for servlets. For example, you can use the URL pattern *.jsp to apply the same authentication data constraints to all JSP files. For a given URL, the exact match in the deployment descriptor takes precedence over the longest path match. Use the extension match (*.jsp, *.do, *.html) if there is no exact match and no longest path match for a given URL in the security constraints.
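
The precedence in step 3 decides which single constraint governs a URL, so it is worth checking before relying on a broad extension pattern. The following is an added example, not product code: a small Python model of the order stated above (exact match, then longest path match, then extension match). The function names, URL patterns and constraint names are constructed for illustration.

```python
# Added illustration, not product code. Patterns and constraint names are constructed samples.

def match_rank(pattern, path):
    """Return (rank, prefix_len) if pattern matches path, else None.
    rank 0 = exact, 1 = path prefix (/dir/*), 2 = extension (*.ext)."""
    if pattern.startswith("*."):
        last = path.rsplit("/", 1)[-1]
        if "." in last and last.rsplit(".", 1)[1] == pattern[2:]:
            return (2, 0)
        return None
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (1, len(prefix))
        return None
    return (0, len(pattern)) if pattern == path else None


def resolve(constraints, path):
    """Pick the single constraint that governs path: exact match first,
    then the longest path match, then the extension match."""
    best = None
    for pattern, name in constraints:
        rank = match_rank(pattern, path)
        if rank is None:
            continue
        key = (rank[0], -rank[1])  # lower rank wins; longer prefix wins within rank 1
        if best is None or key < best[0]:
            best = (key, pattern, name)
    return None if best is None else (best[1], best[2])


# Constructed sample: the url-pattern and role of each security-constraint.
CONSTRAINTS = [
    ("*.jsp", "authenticated-users"),
    ("/public/*", "unprotected"),
    ("/admin/*", "admin-role"),
    ("/admin/reports/*", "auditor-role"),
    ("/admin/health.jsp", "monitoring-role"),
]

if __name__ == "__main__":
    for url in ("/index.jsp", "/public/preview.jsp", "/admin/users.jsp",
                "/admin/reports/q1.jsp", "/admin/health.jsp", "/static/logo.png"):
        print(f"{url:26} -> {resolve(CONSTRAINTS, url)}")
```

In this model /public/preview.jsp resolves to the /public/* constraint rather than *.jsp, so an extension pattern does not cover JSP files under a path that has its own constraint, and /static/logo.png matches no constraint at all.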