Filter
Top Products
10
WEBSPHERE PORTAL V6.1 TUNING GUIDE
S E C U R I T Y A T T R I B U T E P R O P A G A T I O N
To reduce the Security Attribute Propagation (SAP) overhead, please use a custom property
'disable Callerlist'. If SAP is not used, you can disable that, to remove the extra overhead to
improve the login performance.
If Subject has not been customized, then there is no need to enable Security Attribute
Propagation. Security Attribute Propagation can add extra overhead due to some extra
processing that is required. However, there are certain configurations where performance
might be better with security propagation enabled due to reduction of remote registry calls.
See the WebSphere 6.1 InfoCenter (search for 'security attribute propagation') for a
discussion of when propagating security attributes is desirable. If you want to enable SAP
for functional reasons, you can improve the performance with CallerList tuning mentioned
below.
These settings apply to all platforms.
How to Set: In the WebSphere Administrative Console: Security->Secure Administration,
Applications, and Infrastructure -> Custom properties ->
Table 2: WebSphere Security Attribute Propagation Settings
Name Value
com.ibm.CSI.disablePropagationCallerList
true
com.ibm.CSI.rmiOutboundPropagationEnabled
false
com.ibm.CSI.rmiInboundPropagationEnabled
false
Security
Attribute
Propagation
com.ibm.ws.security.webInboundPropagationEnabled
false
For com.ibm.CSI.disablePropagationCallerList create a new property, for the other 3
properties, modify their value to “false”.
Note to WAS 7:
In our WAS 7 environment, we add
com.ibm.CSI.disablePropagationCallerList = true
, and
use the other 3 default true attributes. For was7, this field is accessed through:
Security->Global Security ->CustomProperties->New.