Security cache properties
The following Java virtual machine (JVM) system properties determine the
initial size of the primary and secondary hash table caches, which affect
the frequency of rehashing and the distribution of the hash algorithms. The
larger the number of available hash values, the less likely a hash collision
occurs, retrieval time might be slower. If several entries compose a hash
table cache, creating the table in a larger capacity supports more efficient
hash entries than letting automatic rehashing determine the growth of the
table. Rehashing causes every entry to move each time.
You can configure these system properties by completing the following steps
in the administrative console:
- Click Servers > Application servers > server_name.
- Click Java and Process Management > Process Definition > Java Virtual
Machine.
- Specify the property name and its value in the Generic JVM arguments field.
You can specify multiple property name and value pairs delimited by a space.
- com.ibm.websphere.security.util.authCacheEnabled
![[Version 5.0.2 and later]](../../v502x.gif)
- This property determines whether the Subject cache is enabled for the
process. When the Subject cache is disabled, a new Java Authentication and
Authorization Service (JAAS) login occurs for every request, which results
in a performance degradation. Disable the Subject cache with caution.
- com.ibm.websphere.security.util.authCacheSize
![[5.0 only]](../../v50.gif)
![[Version 5.0.1]](../../v501.gif)
- This property sets the initial cache size for the authentication Subject
cache used for a particular process. When large numbers of requests are received
by this server, it is better to set a large value for this property. The default
cache size is 200 entries. The size automatically grows, as needed.
- com.ibm.websphere.security.util.tokenCacheSize
- This cache stores LTPA credentials
in the cache using the LTPA token as
a lookup value. When using an LTPA token
to log in, the LTPA credential is created
at the security server for the first time. This cache prevents the need to
go to the security server on subsequent logins using an LTPA token.
- com.ibm.websphere.security.util.CredentialCacheSize
![[5.0 only]](../../v50.gif)
![[Version 5.0.1]](../../v501.gif)
- Given the user ID and password for login, this cache returns the concrete
credential object without the need to repeat authentication at the security
server. If the credential object has expired, repeat authentication is required.
- com.ibm.websphere.security.util.LTPAValidationCacheSize
- Given the credential token for login, this cache returns the concrete
LTPA credential object, without the need
to revalidate at the security server. If the token has expired, revalidation
is required.

Tuning security configurations

Example: User revocation from a cache
Searchable topic ID:
rsec_tuneproperties
Last updated: Jun 21, 2007 4:12:58 PM CDT
WebSphere Application Server Express, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/rsec_tuneproperties.html