S E C U R I T Y A T T R I B U T E P R O P A G A T I O N
To reduce the Security Attribute Propagation (SAP) overhead, please use a custom property 'disable Callerlist'. If SAP is not used, you can disable that, to remove the extra overhead to improve the login performance.
If Subject has not been customized, then there is no need to enable Security Attribute Propagation. Security Attribute Propagation can add extra overhead due to some extra processing that is required. However, there are certain configurations where performance might be better with security propagation enabled due to reduction of remote registry calls. See the WebSphere 6.1 InfoCenter (search for 'security attribute propagation') for a discussion of when propagating security attributes is desirable. If you want to enable SAP for functional reasons, you can improve the performance with CallerList tuning mentioned below.
These settings apply to all platforms.
How to Set: In the WebSphere Administrative Console:
Table 2: WebSphere Security Attribute Propagation Settings
Security | Name | Value | |
Attribute | |||
|
| ||
Propagation | com.ibm.CSI.disablePropagationCallerList | true | |
| |||
|
|
| |
| com.ibm.CSI.rmiOutboundPropagationEnabled | false | |
|
|
| |
| com.ibm.CSI.rmiInboundPropagationEnabled | false | |
|
|
| |
| com.ibm.ws.security.webInboundPropagationEnabled | false | |
|
|
|
For com.ibm.CSI.disablePropagationCallerList create a new property, for the other 3 properties, modify their value to “false”.
Note to WAS 7:
In our WAS 7 environment, we add com.ibm.CSI.disablePropagationCallerList = true, and use the other 3 default true attributes. For was7, this field is accessed through:
1 0
W E BS P HE R E P O R T AL V 6 . 1 T U N I N G G U I D E