PK43270: IMPROVE J2SE AND J2EE SECURITY PERFORMANCE.

Fixes are available

6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for i5/OS
6.1.0.13 WebSphere Application Server V6.1 Fix Pack 13 for AIX
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for i5/OS
6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for AIX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for HP-UX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Linux
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Solaris
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for AIX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Solaris
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Linux
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Solaris
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for i5/OS
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Solaris
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Windows
6.1.0.11 WebSphere Application Server V6.1 Fix Pack 11 for AIX
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for HP-UX
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Solaris
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Windows
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Linux
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Linux
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Linux
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for HP-UX
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for i5/OS
6.1.0.9 WebSphere Application Server V6.1 Fix Pack 9 for AIX
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Windows
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for AIX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Windows
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for HP-UX
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Linux
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Solaris
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
6.1.0.23 WebSphere Application Server V6.1 Fix Pack 23 for i5/OS
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for HP-UX
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Windows
6.1.0.21 WebSphere Application Server V6.1 Fix Pack 21 for i5/OS
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Solaris
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Linux
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for AIX
6.1.0.23 WebSphere Application Server V6.1 Fix Pack 23 for AIX
Java SDK 1.5 SR9 Cumulative Fix for WebSphere Application Server
6.1.0.23: WebSphere Application Server V6.1 Fix Pack 23 for Windows
6.1.0.23: WebSphere Application Server V6.1 Fix Pack 23 for Solaris
6.1.0.23: WebSphere Application Server V6.1 Fix Pack 23 for Linux
6.1.0.23: WebSphere Application Server V6.1 Fix Pack 23 for HP-UX
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for Linux
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for i5/OS
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for HP-UX
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for AIX
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for Solaris
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for Windows
Java SDK 1.5 SR9 Cumulative Fix for WebSphere Application Server
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for i5/OS
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for AIX
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for Windows
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for HP-UX
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for Solaris
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for Linux
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for AIX
6.1.0.31: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for HP-UX
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for Linux
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for Windows
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for Solaris
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for Linux
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for AIX
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for HP-UX
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for i5/OS
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for Solaris
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for Windows
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for i5/OS
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for Solaris
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for Windows
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for AIX
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for HP-UX
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for AIX
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for HP-UX
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for i5/OS
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for Linux
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for Solaris
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for Windows
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: WebSphere Application Server V6.1 Fix Pack 37
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: WebSphere Application Server V6.1 Fix Pack 39
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: WebSphere Application Server V6.1 Fix Pack 41
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: WebSphere Application Server V6.1 Fix Pack 43
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: WebSphere Application Server V6.1 Fix Pack 45
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for Linux

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The overhead of J2SE and J2EE security has increased in the 6.1
    release.  This APAR will be used to reduce this overhead.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: IBM WebSphere Application Server version 6.1 *
    *                 users using Java 2 and Java 2 Enterprise     *
    *                 Edition (J2EE) security.                     *
    ****************************************************************
    * PROBLEM DESCRIPTION: While running applications with Java 2  *
    *                      and J2EE security enabled on WebSphere  *
    *                      Application Server, there is a          *
    *                      significant performance overhead        *
    *                      resulting in higher response times.     *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    First, due to internal class loader changes, each access of the
    context class loader by the runtime incurred a Java 2 security
    check.
    Second, Java 2 Connector (J2C) repeatedly recreated many Subject
    objects even when a large number of databse connections are
    using the same credentials.
    Third, there is a large overhead associated with both J2EE
    security and the overhead of caller lists with Security
    Attribute Propagation (SAP).
    

Problem conclusion

  • First, enhancements were made to the runtime to avoid the
    overhead of accessing the context class loader.
    Second, a new system property was added:
    com.ibm.websphere.security.auth.j2c.
    cacheReadOnlyAuthDataSubjects
    
    When set to true, J2C will make Subject objects read-only and
    store them in a cache based on principal and auth data alias.
    This property must not be set if the Subject needs to be
    modified after being retrieved from a login module.
    Third, two new system properties were created to reduce the
    overhead of Security Attribute Propagation:
        com.ibm.CSI.disablePropagationCallerList
        com.ibm.CSI.propagateFirstCallerOnly
    Both should be set to true to avoid the costs associated with
    caller lists.
    
    With this fix, Java 2 and J2EE security performance is
    significantly improved.
    
    The fix for this APAR is currently targeted for inclusion in
    fixpak 6.1.0.9.
    Please refer to the recommended updates page for delivery
    information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK43270

  • Reported component name

    WEBSPH APP SERV

  • Reported component ID

    5724J0800

  • Reported release

    61A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-04-13

  • Closed date

    2007-04-26

  • Last modified date

    2007-04-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • SECURITY RUNTIME
    

Fix information

  • Fixed component name

    WEBSPH APP SERV

  • Fixed component ID

    5724J0800

Applicable component levels

  • R61A PSY

       UP

  • R61H PSY

       UP

  • R61I PSY

       UP

  • R61P PSY

       UP

  • R61S PSY

       UP

  • R61W PSY

       UP

  • R61Z PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere Application Server
General

Software version:

6.1

Reference #:

PK43270

Modified date:

2007-04-26

Translate my page

Machine Translation

Content navigation