The following Java virtual machine (JVM) security cache
custom properties determine whether the authentication cache is enabled
or disabled. If the authentication cache is enabled, as recommended,
these custom properties specify the initial size of the primary and
secondary hash table caches, which affect the frequency of rehashing
and the distribution of the hash algorithms.
Important: The com.ibm.websphere.security.util.tokenCacheSize
and com.ibm.websphere.security.util.LTPAValidationCacheSize properties
were replaced with the com.ibm.websphere.security.util.authCacheSize
property.
You can specify these system properties by completing the following
steps:
- Click Servers > Application servers > server_name.
- Under Server Infrastructure, expand Java and Process Management.
- Click Process Definition > Java Virtual Machine.
- Under Additional properties, click Custom properties > New.
- Under General Properties, specify the property name and its value.
You can specify multiple property name and value pairs delimited by
a space.
- Click OK.
WebSphere Application Server includes the following security cache
custom properties:
- com.ibm.websphere.security.util.authCacheSize
- Specifies the initial size of the primary and secondary hash table
caches. A higher number of available hash values might decrease the
occurrence of hash collisions. A hash collision results in a linear
search for the hash bucket, which might decrease the retrieval time.
If several entries compose a hash table cache, you create a table
with a larger capacity that supports more efficient hash entries instead
of allowing automatic rehashing determine the growth of the table.
Rehashing causes every entry to move each time.
Default: |
50 |
Type: |
Integer |
- com.ibm.websphere.security.util.authCacheEnabled
- Specifies whether to disable the authentication cache. For example,
you can cache the user ID and the one-way hashed password as the key
lookup for the cache or use a token. The com.ibm.websphere.security.util.authCacheEnabled custom
property has three possible values:
- A true value enables the authentication cache. The user
registry or repository is not accessed multiple times.
- A false value disables the authentication cache. The
user registry or repository is accessed multiple times, which impacts
performance. If you add com.ibm.websphere.security.util.authCacheEnabled=false to
the Java virtual machine (JVM), the cache is disabled. WebSphere Application
Server invokes a custom Java Authentication and Authorization Service
(JAAS) login module.
- A BasicAuthDisabled value enables the authentication
cache, but does not allow credentials to be looked up by a user ID
and a one-way hash password.
-
- com.ibm.websphere.security.util.authCacheMaxSize
- Specifies the maximum size of all entries in the authentication
cache. This prevents unbounded growth of the cache. There are
approximately three to four lookup entries per login added to the
cache. Assume this size should be set to about five time the number
of distinct users who might login to your system during a single
cache timeout period (the default is 30 minutes)
For example, if
you have 200 users who might login during a 30 minute period, you
should have a maximum cache size set to 1000 to handle this number
of users without re-authentication occurring. Setting this value too
large may cause memory issues if your JVM heap size is too small
to handle the number of cache entries. Setting this value too small
can affect the login performance of users who re-authenticate frequently
(such as moving around secured links on a web site).
Default |
25000 |
Type |
Integer |