Hi,

I'm facing a strange problem: My non-secure web app works fine.

Securing the web app (web.xml/jboss-web.xml/jboss.xml) makes it very slow: The time spent in the servlets service() method is the same (< 100 ms), but the transmission back to the client takes about 20s. Even the delivery of simple static html pages takes very long.

jboss 2.4.9 with tomcat 3.2.3
jsps/servlets with some session beans
DatabaseLoginModule

The session beans have a XADataSource,
the login module has a simple JDBC Data Source to get rid of "not in a tx" messages.
[WARN,XAConnectionFactory] XAConnectionImpl: org.jboss.pool.jdbc.xa.wrapper.XAConnectionImpl@6d0040 has no current tx!

I assume a problem in the way the response is transmitted back to the client -- how does security change that?

Things get really worse with file uploads -- "document contains no data", no reaction at all ...

tomcat 4.x has the same problem, further it gives me a MAPPING configuration error
[INFO,Engine] StandardHost[localhost]: MAPPING configuration error for request URI


jboss 3.x security is not stable, tried this too.

Ciao
Roland


<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted</web-resource-name>
Declarative security
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<!-- These roles have access -->
<role-name>role-admin</role-name>
<role-name>role-connect</role-name>
</auth-constraint>
</security-constraint>


<!-- BASIC HTTP authorization: Works -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>(basic auth)</realm-name>
</login-config>