[Version 5.0.2 and later]Security cache properties

The following Java virtual machine (JVM) system properties determine the initial size of the primary and secondary hash table caches, which affect the frequency of rehashing and the distribution of the hash algorithms. The larger the number of available hash values, the less likely a hash collision occurs, retrieval time might be slower. If several entries compose a hash table cache, creating the table in a larger capacity supports more efficient hash entries than letting automatic rehashing determine the growth of the table. Rehashing causes every entry to move each time.

You can configure these system properties by completing the following steps in the administrative console:

  1. Click Servers > Application servers > server_name.
  2. Click Java and Process Management > Process Definition > Java Virtual Machine.
  3. Specify the property name and its value in the Generic JVM arguments field. You can specify multiple property name and value pairs delimited by a space.

com.ibm.websphere.security.util.authCacheEnabled[Version 5.0.2 and later]
This property determines whether the Subject cache is enabled for the process. When the Subject cache is disabled, a new Java Authentication and Authorization Service (JAAS) login occurs for every request, which results in a performance degradation. Disable the Subject cache with caution.
com.ibm.websphere.security.util.authCacheSize[5.0 only][Version 5.0.1]
This property sets the initial cache size for the authentication Subject cache used for a particular process. When large numbers of requests are received by this server, it is better to set a large value for this property. The default cache size is 200 entries. The size automatically grows, as needed.
com.ibm.websphere.security.util.tokenCacheSize
This cache stores LTPA credentials in the cache using the LTPA token as a lookup value. When using an LTPA token to log in, the LTPA credential is created at the security server for the first time. This cache prevents the need to go to the security server on subsequent logins using an LTPA token.
com.ibm.websphere.security.util.CredentialCacheSize[5.0 only][Version 5.0.1]
Given the user ID and password for login, this cache returns the concrete credential object without the need to repeat authentication at the security server. If the credential object has expired, repeat authentication is required.
com.ibm.websphere.security.util.LTPAValidationCacheSize
Given the credential token for login, this cache returns the concrete LTPA credential object, without the need to revalidate at the security server. If the token has expired, revalidation is required.

Related tasks
Tuning security configurations
Related reference
Example: User revocation from a cache
Tuning performance parameter index



Searchable topic ID:   rsec_tuneproperties
Last updated: Jun 21, 2007 4:55:42 PM CDT    WebSphere Application Server Network Deployment, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/rsec_tuneproperties.html

Library | Support | Terms of Use | Feedback