Hi all,

We are currently facing some performance problems with OC4J container based security. OC4J allows you, like most of the J2ee containers out there, to plug-in a custom JAAS login module to provide the authentification mecanism of your application. But each time, we call the url "j_security_check", wich tell the container to proccess the form submitted to authentify the current user, it seems like it's very slow.

Even worst, we performed some stress test on this url and it's seems to overload completly the server ressources. We noticed that if we call directly "j_security_check", something we are not supposed to do, it seems to start a infinite loop and eat up a lot of the server ressources.

We contacted Oracle support about it and they have acknowledged the bug. However, they don't provide any details on this issue because it's security related. *sigh* How great!

To verify it was a container issue, we basically runned 2 tests and we are currently looking to run a new one.

1. Stress testing the same application without security enabled. The performance seems quite good.

2. Stress testing the JAAS module we are using for authentification. Again, everything seems to run smoothly.

We are now looking to test the application with a different container to see if the problem is still there.

Is there any other users who have run into this issue? Seems akward that such a basic feature would be bugged in Oracle J2EE container and the issue not documented or not reported by any user.

By the way, we are using Oc4j 9.0.4.2. Thanks for any help or hint! Really appreciated.

Alexandre Poitras