Sun GlassFish Enterprise Server 2.1 Performance Tuning Guide

Security Requirements
Most business applications require security. This section discusses security considerations and
decisions.
User Authentication and Authorization
Application users must be authenticated. The Application Server provides three different
choices for user authentication: file-based, LDAP, and Solaris.
The default file-based security realm is suitable for developer environments, where new
applications are developed and tested. At deployment time, the server administrator can choose
between the Lightweight Directory Access Protocol (LDAP) or Solaris security realms. Many
large enterprises use LDAP-based directory servers to maintain employee and customer
profiles. Small to medium enterprises that do not already use a directory server may find it
advantageous to leverage investment in Solaris security infrastructure.
For more information on security realms, see Chapter 9, “Configuring Security,” in Sun
GlassFish Enterprise Server 2.1 Administration Guide.
The type of authentication mechanism chosen may require additional hardware for the
deployment. Typically a directory server executes on a separate server, and may also require a
backup for replication and high availability. Refer to Sun Java System Directory Server
documentation for more information on deployment, sizing, and availability guidelines.
An authenticated user’s access to application functions may also need authorization checks. If
the application uses the role-based Java EE authorization checks, the application server
performs some additional checking, which incurs additional overhead. When you perform
capacity planning, you must take this additional overhead into account.
Encryption
For security reasons, sensitive user inputs and application output must be encrypted. Most
business-oriented web applications encrypt all or some of the communication flow between the
browser and Application Server. Online shopping applications encrypt traffic when the user is
completing a purchase or supplying private data. Portal applications such as news and media
typically do not employ encryption. Secure Sockets Layer (SSL) is the most common security
framework, and is supported by many browsers and application servers.
The Application Server supports SSL 2.0 and 3.0 and contains software support for various
cipher suites. It also supports integration of hardware encryption cards for even higher
performance. Security considerations, particularly when using the integrated software
encryption, will impact hardware sizing and capacity planning.
Consider the following when assessing the encryption needs for a deployment:
Understanding Operational Requirements
Chapter 1 • Overview of Enterprise Server Performance Tuning










