Gang, The deployment of individual class files from the portal project in WEB-INF/classes instead of packaging as a jar and deploying in WEB-INF/lib is causing java Permission checks to be significantly slower than they could be.
The reason for this is that each individual *.class file is being treated as a separate CodeSource/PermissionDomain and must be tested individually when AccessController.checkPermission() is invoked. All classes deployed in a jar file reuse a single CodeSource/PermissionDomain. Minimizing the number of CodeSources/PermissionDomains will limit the number of access to RdbmsPolicy.getPolicies(), because each unique CodeSource on the call stack between the SecurityValveImpl.invoke() and AccessController.checkPermission() invocations will result in an additional RdbmsPolicy.getPolicies() hit, (per each user/unique call stack). Do any of you have a problem with me modifying the maven build to package the class files into a single jar? Was there a reason to deploy in WEB-INF/classes instead of WEB-INF/lib in the first place? Any input or comments are appreciated. Thanks, Randy
