Fixes are available
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Solaris
APAR status
Closed as program error.
Error description
The overhead of J2SE and J2EE security has increased in the 6.1 release. This APAR will be used to reduce this overhead.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server version 6.1 * * users using Java 2 and Java 2 Enterprise * * Edition (J2EE) security. * **************************************************************** * PROBLEM DESCRIPTION: While running applications with Java 2 * * and J2EE security enabled on WebSphere * * Application Server, there is a * * significant performance overhead * * resulting in higher response times. * **************************************************************** * RECOMMENDATION: * **************************************************************** First, due to internal class loader changes, each access of the context class loader by the runtime incurred a Java 2 security check. Second, Java 2 Connector (J2C) repeatedly recreated many Subject objects even when a large number of databse connections are using the same credentials. Third, there is a large overhead associated with both J2EE security and the overhead of caller lists with Security Attribute Propagation (SAP).
Problem conclusion
First, enhancements were made to the runtime to avoid the overhead of accessing the context class loader. Second, a new system property was added: com.ibm.websphere.security.auth.j2c. cacheReadOnlyAuthDataSubjects When set to true, J2C will make Subject objects read-only and store them in a cache based on principal and auth data alias. This property must not be set if the Subject needs to be modified after being retrieved from a login module. Third, two new system properties were created to reduce the overhead of Security Attribute Propagation: com.ibm.CSI.disablePropagationCallerList com.ibm.CSI.propagateFirstCallerOnly Both should be set to true to avoid the costs associated with caller lists. With this fix, Java 2 and J2EE security performance is significantly improved. The fix for this APAR is currently targeted for inclusion in fixpak 6.1.0.9. Please refer to the recommended updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PK43270
Reported component name
WEBSPH APP SERV
Reported component ID
5724J0800
Reported release
61A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-04-13
Closed date
2007-04-26
Last modified date
2007-04-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
SECURITY RUNTIME
Fix information
Fixed component name
WEBSPH APP SERV
Fixed component ID
5724J0800
Applicable component levels
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
Document Information
Modified date:
29 December 2021