[ https://issues.jboss.org/browse/SECURITY-864?page=com.atlassian.jira.plug... ] Martin Letenay commented on SECURITY-864: ----------------------------------------- We have faced this problem after upgrade from JBoss 7.1 to Wildfly 9. However, it is not only cosmetic but has severe negative performance implications. Our application is EJB invocation intensive (invokes various EJB calls tens or hundreds times) and the performance after switch from 7.1 to 9.0 was 10 times slower ! However, the {{PolicyRegistration}} seems to be relevant only for XACML security configurations. For plain Delegate or JACC authorization modules the {{PolicyRegistration}} is never used (and never created). When e.g. JACC authorization is used, the (unsuccessful) JNDI lookup is performed for each and every (secured) EJB invocation and it results in unnecessary performance degradation. We couldn't find anywhere in the documentation or the code where the PolicyRegistration si being put into the JNDI tree. Since we're using custom LoginModule implementation, we have developed a temporary workaround that during initialization of JAAS LoginModule we check the existence of the {{java:/policyRegistration}} JNDI resource and if it is missing (actually always), we instantiate the {{org.jboss.security.plugins.JBossPolicyRegistration}} and bind it into JNDI tree. After this workaround, the performance of our application went back to normal times as of JBoss 7.1, i.e. nearly 10 times faster. It would be really nice to have this issue resolved properly (e.g. by storing negative JNDI lookup or registering the policy also for Delegate/JACC modules). -- This message was sent by Atlassian JIRA (v7.2.2#72004)