Web Security - Performance Considerations

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Web Security - Performance Considerations

Anil Saldhana
Hi Remy,
   I just wanted to pick your brain on the following:

Web Authorization:
Previously, the JBoss Authorization stack was run by default for access
control unless the user configured not to do so.  In JBoss AS7.1, we
have this disabled until the user configures the following in jboss-web.xml
<use-jboss-authorization>true</use-jboss-authorization>


Web Audit:
I had a brief chat with JFClere last week and decided on the following:
JBossWebRealm will send audit events to the audit framework unless the
following setting is in jboss-web.xml
<disable-audit>true</disable-audit>

Audit is the feature that can add miniscule overhead.  So if you want to
turn it off the audit by default, you have to change JBossWebRealm to
have:   boolean disableAudit = true rather than the current "false".  In
that case, we will require the users to configure jboss-web.xml if they
want audit for that particular webapp.

In think the authorization piece does not add any overhead.  I just want
to check with you on the audit part.

Regards,
Anil
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev