S E C U R I T Y A T T R I B U T E P R O P A G A T I O N

To reduce the Security Attribute Propagation (SAP) overhead, please use a custom property 'disable Callerlist'. If SAP is not used, you can disable that, to remove the extra overhead to improve the login performance.

If Subject has not been customized, then there is no need to enable Security Attribute Propagation. Security Attribute Propagation can add extra overhead due to some extra processing that is required. However, there are certain configurations where performance might be better with security propagation enabled due to reduction of remote registry calls. See the WebSphere 6.1 InfoCenter (search for 'security attribute propagation') for a discussion of when propagating security attributes is desirable. If you want to enable SAP for functional reasons, you can improve the performance with CallerList tuning mentioned below.

These settings apply to all platforms.

How to Set: In the WebSphere Administrative Console: Security->Secure Administration, Applications, and Infrastructure -> Custom properties ->

Table 2: WebSphere Security Attribute Propagation Settings

Security

Name

Value

Attribute

 

 

Propagation

com.ibm.CSI.disablePropagationCallerList

true

 

 

 

 

 

com.ibm.CSI.rmiOutboundPropagationEnabled

false

 

 

 

 

com.ibm.CSI.rmiInboundPropagationEnabled

false

 

 

 

 

com.ibm.ws.security.webInboundPropagationEnabled

false

 

 

 

For com.ibm.CSI.disablePropagationCallerList create a new property, for the other 3 properties, modify their value to “false”.

Note to WAS 7:

In our WAS 7 environment, we add com.ibm.CSI.disablePropagationCallerList = true, and use the other 3 default true attributes. For was7, this field is accessed through: Security->Global Security ->CustomProperties->New.

1 0

W E BS P HE R E P O R T AL V 6 . 1 T U N I N G G U I D E

Page 15
Image 15
IBM 6.1.X manual Name Value, Propagation