A
Alexandre Poitras
Hi all,
We are currently facing some performance problems with OC4J container
based security. OC4J allows you, like most of the J2ee containers out
there, to plug-in a custom JAAS login module to provide the
authentification mecanism of your application. But each time, we call
the url "j_security_check", wich tell the container to proccess the
form submitted to authentify the current user, it seems like it's very
slow.
Even worst, we performed some stress test on this url and it's seems to
overload completly the server ressources. We noticed that if we call
directly "j_security_check", something we are not supposed to do, it
seems to start a infinite loop and eat up a lot of the server
ressources.
We contacted Oracle support about it and they have acknowledged the
bug. However, they don't provide any details on this issue because it's
security related. *sigh* How great!
To verify it was a container issue, we basically runned 2 tests and we
are currently looking to run a new one.
1. Stress testing the same application without security enabled. The
performance seems quite good.
2. Stress testing the JAAS module we are using for authentification.
Again, everything seems to run smoothly.
We are now looking to test the application with a different container
to see if the problem is still there.
Is there any other users who have run into this issue? Seems akward
that such a basic feature would be bugged in Oracle J2EE container and
the issue not documented or not reported by any user.
By the way, we are using Oc4j 9.0.4.2. Thanks for any help or hint!
Really appreciated.
Alexandre Poitras
We are currently facing some performance problems with OC4J container
based security. OC4J allows you, like most of the J2ee containers out
there, to plug-in a custom JAAS login module to provide the
authentification mecanism of your application. But each time, we call
the url "j_security_check", wich tell the container to proccess the
form submitted to authentify the current user, it seems like it's very
slow.
Even worst, we performed some stress test on this url and it's seems to
overload completly the server ressources. We noticed that if we call
directly "j_security_check", something we are not supposed to do, it
seems to start a infinite loop and eat up a lot of the server
ressources.
We contacted Oracle support about it and they have acknowledged the
bug. However, they don't provide any details on this issue because it's
security related. *sigh* How great!
To verify it was a container issue, we basically runned 2 tests and we
are currently looking to run a new one.
1. Stress testing the same application without security enabled. The
performance seems quite good.
2. Stress testing the JAAS module we are using for authentification.
Again, everything seems to run smoothly.
We are now looking to test the application with a different container
to see if the problem is still there.
Is there any other users who have run into this issue? Seems akward
that such a basic feature would be bugged in Oracle J2EE container and
the issue not documented or not reported by any user.
By the way, we are using Oc4j 9.0.4.2. Thanks for any help or hint!
Really appreciated.
Alexandre Poitras