0 Replies Latest reply on Oct 3, 2002 7:56 AM by Roland Haag

    Secure web app works, but requests take a very long time to

    Roland Haag Newbie

      Hi,

      I'm facing a strange problem: My non-secure web app works fine.

      Securing the web app (web.xml/jboss-web.xml/jboss.xml) makes it very slow: The time spent in the servlets service() method is the same (< 100 ms), but the transmission back to the client takes about 20s. Even the delivery of simple static html pages takes very long.

      jboss 2.4.9 with tomcat 3.2.3
      jsps/servlets with some session beans
      DatabaseLoginModule

      The session beans have a XADataSource,
      the login module has a simple JDBC Data Source to get rid of "not in a tx" messages.
      [WARN,XAConnectionFactory] XAConnectionImpl: org.jboss.pool.jdbc.xa.wrapper.XAConnectionImpl@6d0040 has no current tx!

      I assume a problem in the way the response is transmitted back to the client -- how does security change that?

      Things get really worse with file uploads -- "document contains no data", no reaction at all ...

      tomcat 4.x has the same problem, further it gives me a MAPPING configuration error
      [INFO,Engine] StandardHost[localhost]: MAPPING configuration error for request URI


      jboss 3.x security is not stable, tried this too.

      Ciao
      Roland


      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      Declarative security
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <!-- These roles have access -->
      <role-name>role-admin</role-name>
      <role-name>role-connect</role-name>
      </auth-constraint>
      </security-constraint>


      <!-- BASIC HTTP authorization: Works -->
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>(basic auth)</realm-name>
      </login-config>