1 Reply Latest reply on Jul 5, 2004 1:44 AM by _alex

    how much is the overhead of EJB security permission?

    pedrosalazar

      Greetings,

      I'm updating my EJBs from empty security settings to role properties permissions. Only a minimal subset of my methods will have a permission check. The majority (including all entity beans except create and remove methods) will be unchecked.

      I don't know the implementation details of security in JBOSS, so I would like to hear your opinion about the overhead of the security on EJB methods, for instance:

      - Will the unchecked methods have any weight at runtime?
      - If my logic calls method _1() -> method _2() -> ... -> method _N(), and all the methods have security permission set, will the container verify just the first time or at each method step, and will there be a significant weight on the security check?
      - Is the role check based on file properties (just for 1 or 2 single static users) the best approach for securing EJB methods?
      - ...

      I would like to hear from you about these issues and others...

      Regards,
      Pedro Salazar.

        • 1. Re: how much is the overhead of EJB security permission?
          _alex

          - Will the unchecked methods have any weight at runtime?
          - If my logic calls method _1() -> method _2() -> ... -> method _N(), and all the methods have security permission set, will the container verify just the first time or at each method step, and will there be a significant weight on the security check?
          - Is the role check based on file properties (just for 1 or 2 single static users) the best approach for securing EJB methods?


          1) very little
          2) in general each call is authorized separately
          3) the overhead on caching principals, credentials and roles is very little, so it is up to you where to keep the security information

          Alexander
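
The layout described in the question (a few role-checked methods, everything else unchecked), written as an EJB 2.x `ejb-jar.xml` fragment. This is an added example, not taken from either post; the bean name `AccountEJB`, the method `getBalance` and the role `AccountAdmin` are hypothetical.

```xml
<!-- Added example. AccountEJB, getBalance and AccountAdmin are hypothetical names. -->
<assembly-descriptor>
  <security-role>
    <role-name>AccountAdmin</role-name>
  </security-role>

  <!-- Role-checked: create and remove. Omitting method-intf covers
       every interface of the bean on which the method appears. -->
  <method-permission>
    <role-name>AccountAdmin</role-name>
    <method>
      <ejb-name>AccountEJB</ejb-name>
      <method-name>create</method-name>
    </method>
    <method>
      <ejb-name>AccountEJB</ejb-name>
      <method-name>remove</method-name>
    </method>
  </method-permission>

  <!-- Unchecked: listed by name on purpose. Method permissions are a union,
       and the EJB spec says a method that is both unchecked and mapped to a
       role is NOT checked, so <method-name>*</method-name> here would
       silently drop the role check on create and remove. -->
  <method-permission>
    <unchecked/>
    <method>
      <ejb-name>AccountEJB</ejb-name>
      <method-name>findByPrimaryKey</method-name>
    </method>
    <method>
      <ejb-name>AccountEJB</ejb-name>
      <method-name>getBalance</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
```

Because each call is authorized separately, a chain of role-checked methods is checked at every step, so it is worth confirming after deployment that the restricted methods reject a caller without the role.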