Security cache properties
The following system properties determine the initial size of the primary and secondary hash table caches, which affect the frequency of rehashing and the distribution of the hash algorithms. The larger the number of available hash values, the less likely a hash collision occurs, retrieval time might be slower. If several entries compose a hash table cache, creating the table in a larger capacity supports more efficient hash entries than letting automatic rehashing determine the growth of the table. Rehashing causes every entry to move each time.
- com.ibm.websphere.security.util.authCacheEnabled
- This property determines whether the Subject cache is enabled for the process. When the Subject cache is disabled, a new Java Authentication and Authorization Service (JAAS) login occurs for every request, which results in a performance degradation. Disable the Subject cache with caution.
- com.ibm.websphere.security.util.tokenCacheSize
- This cache stores LTPA credentials in the cache using the LTPA token as a lookup value. When using an LTPA token to log in, the LTPA credential is created at the security server for the first time. This cache prevents the need to go to the security server on subsequent logins using an LTPA token.
- com.ibm.websphere.security.util.LTPAValidationCacheSize
- Given the credential token for login, this cache returns the concrete LTPA credential object, without the need to revalidate at the security server. If the token has expired, revalidation is required.
Tuning security configurations
Example: User revocation from a cache
Tuning performance parameter index