Java Web Start itself enables the security manager.
Because Java Web Start loads and launches applications over the network it is very careful with security. To protect the end user Java Web Start does not let any downloaded code run with elevated privileges unless the security manager allows it. So it always turns the security manager on and enforces the security policy that controls which code can do what.
Have you profiled the execution of the client when launched using Java Web Start? Is that how you have determined that it is the security manager overhead that is causing the extreme performance problems you mentioned?
Launching app clients in GlassFish 3.x should be faster than in GlassFish 2.x. I realize upgrading might have other issues for you, but you might try testing with 3.x to find out if it makes a difference in how fast clients start up.
- Tim
On Aug 24, 2012, at 4:06 AM, forums_at_java.net wrote:
> We use GlassFish 2.1.1 and our EAR contains an application client which can
> be launched via Web Start. So our client app is running in the application
> client container provided by GlassFish. When you launch the client GlassFish
> does some stuff and invokes a method named prepareSecurity() from class
> MainWithModuleSupport. In this method is code something like this ... /*
> security init */ 401 SecurityManager secMgr = System.getSecurityManager();
> 402 if (!isJWS && secMgr != null && 403
> !(J2EESecurityManager.class.equals(secMgr.getClass()))) { 404
> J2EESecurityManager mgr = new J2EESecurityManager(); 405
> System.setSecurityManager(mgr); 406 } 407 if (_logger.isLoggable(Level.INFO))
> { 408 if (secMgr != null) { 409 _logger.info("acc.secmgron"); 410 } else {
> 411 _logger.info("acc.secmgroff"); 412 } 413 } ... Line 409 results in an
> output *"SecurityManager is ON"* logged to the Web Start console window. In
> the GlassFish Server we have not turned on Security Manager, so I am
> wondering why in line 401 a securityManager instance is found (I would expect
> secMgr to be null). Is there a way to configure GlassFish so that no security
> manager is set for the application client? We do not need it for the
> particular client and we suffer from extreme performance problems when
> security manager is on. Of course we can disable the security manager in the
> main class of our client but until the main class is invoked by GlassFish
> appClient container it already takes too much time where it seems from an
> user perspective if nothing happens at all for some minutes! Any ideas?
> squibber
>
> --
>
> [Message sent by forum member 'squibber']
>
> View Post: http://forums.java.net/node/889518
>
>