Oracle Fusion Middleware Security Performance Tuning 25-3

25.3.1 JVM Tuning Parameters

Tuning the JVM parameters can greatly improve performance. For example, the JVM Heap size should be tuned depending upon the number of roles and permissions in the store. At run time, all roles and permissions are stored in the in-memory cache. For more JVM tuning information, see Section 2.4, Tune Java Virtual Machines JVMs .

25.3.2 LDAP Tuning Parameters

This section covers Lightweight Directory Access Protocol LDAP tuning. Oracle supports the management of policies in file-based repositories: Oracle Internet Directory and Oracle Virtual Directory. If you encounter increased CPU usage due to high SQL execution times, see the following chapters for basic tuning configurations for large deployments: ■ Oracle Internet Directory configuration settings can impact performance. For more information, see Chapter 22, Oracle Internet Directory Performance Tuning . ■ In addition to being configured as a LDAP server, Oracle Virtual Directory can also be configured as a local storage adapter LSA. See Chapter 23, Oracle Virtual Directory Performance Tuning .

25.3.3 Authentication Tuning Parameters

For OPSS Authentication tuning, see Improving the Performance of WebLogic and LDAP Authentication Providers in the Oracle Fusion Middleware Securing Oracle WebLogic Server guide at the Oracle Technology Network http:download.oracle.comdocscdE12840_ 01wlsdocs103secmanageatn.htmlwp1199087 .

25.3.4 Authorization Tuning Properties

The following Java system properties can be used to optimize authorization: 25-4 Oracle Fusion Middleware Performance and Tuning Guide

25.3.5 OPSS PDP Service Tuning Parameters

Table 25–2 provides OPSS tuning parameters for policy store: Table 25–1 Authorization Properties Java System Properties Default Value Valid Values Notes -Djps.combiner.optimize=true True True False This system property is used to cache the protection domains for a given subject. Setting -Djps.combiner.optimize=tr ue can improve Java authorization performance. -Djps.combiner.optimize.lazy eval=true True True False This system property is used to evaluate a subjects protection domain when a checkPermission occurs. Setting -Djps.combiner.optimize.la zyeval=true can improve Java authorization performance. -Djps.policystore.hybrid.mod e=false False True False This hybrid mode property is used to facilitate transition from SUN java.security.Policy to OPSS Java Policy Provider. The OPSS Java Policy Provider reads from both java.policy and system-jazn-data.xml.Hybrid mode can be disabled by setting the system property jps.policystore.hybrid.mod e to false when starting the WebLogic Server. Setting -Djps.policystore.hybrid.m ode=false can reduce runtime overhead. -Djps.authz=ACC ACC ACC SM Delegates the call to JDK API AccessController.checkPerm ission which can reduce the performance impact at run time or while debugging. ACC: delegate to AccessController.checkPerm ission SM: delegate to SecurityManager if SecurityManager is set.