Performance issues typically involve trade-offs between function and speed. Usually, the more function and the more processing involved, the slower the performance will be. Consider what type of security is necessary and what you can disable in your environment. For example, if your application servers are running in a Virtual Private Network (VPN), consider whether you can disable Secure Sockets Layer (SSL). If you have a lot of users, can they be mapped to groups, and the groups then associated with your J2EE roles? These are questions to consider when designing your security infrastructure.
There is always a trade-off between performance, features, and security. Security typically adds more processing time to your requests, but for a good reason. Not all security features are required in your environment. When you decide to tune security, create a benchmark before making any change so that you can verify that the change improves performance.
In a large-scale deployment, performance is very important. Running benchmark measurements with different combinations of features can help you determine the best performance-versus-benefit configuration for your environment.
See these topics for more information about how you can tune your WebSphere security configuration:
General security tuning tips
See this topic for tips that can improve the general performance of WebSphere security.
Tune CSIv2
If you are using the Common Security Interoperability Version 2 (CSIv2) authentication protocol, this topic offers considerations that can tune your configuration.
Tune LDAP authentication
If you are using an LDAP user registry, see this topic for pointers to optimize the authentication process.
Tune Web authentication
If you are using browser-based authentication, see this topic for tuning tips.
Tune authorization
See this topic for ways to speed up the authorization process.
SSL performance tips
If you are using SSL connections with WebSphere Application Server, see this topic for tips to improve performance.