Skip to main content

GlassFish 2.1.1 - Way to start application client via Java Web Start without SecurityManager?

1 reply [Last post]
Joined: 2012-08-22

We use GlassFish 2.1.1 and our EAR contains an application client which can be launched via Web Start. So our client app is running in the application client container provided by GlassFish.

When you launch the client GlassFish does some stuff and invokes a method named prepareSecurity() from class MainWithModuleSupport.

In this method is code something like this

/* security init */
401         SecurityManager   secMgr = System.getSecurityManager();
402         if (!isJWS && secMgr != null &&
403                 !(J2EESecurityManager.class.equals(secMgr.getClass()))) {
404             J2EESecurityManager mgr = new J2EESecurityManager();
405             System.setSecurityManager(mgr);
406         }
407         if (_logger.isLoggable(Level.INFO)) {
408             if (secMgr != null) {
409       "acc.secmgron");
410             } else {
411       "acc.secmgroff");
412             }
413         }

Line 409 results in an output "SecurityManager is ON" logged to the Web Start console window.

In the GlassFish Server we have not turned on Security Manager, so I am wondering why in line 401 a securityManager instance is found (I would expect secMgr to be null).

Is there a way to configure GlassFish so that no security manager is set for the application client? We do not need it for the particular client and we suffer from extreme performance problems when security manager is on.

Of course we can disable the security manager in the main class of our client but until the main class is invoked by GlassFish appClient container it already takes too much time where it seems from an user perspective if nothing happens at all for some minutes!

Any ideas?


Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Joined: 2012-08-22

Further debugging reveals that it is not the SecurityManager alone. It is a combination of SecurityManager and McAffee Virus Scanner. After the client jar has been downloaded and the app is starting the client jar gets unpacked in a temp directory. This process takes 75 seconds. Because of our organizational security policy it is not allowed to disable or reduce scanning of JARs or CLASS files by MacAffee.

Even if McAffee scan is disabled it still takes about 30 seconds which is 25 seconds longer than before when we used JWS without running in an appClient container. This is frustating because I was actually happy to transfer our JWS app to the client container because I thought we would have less footprints, performance gains, smaller ear.. but unfortunately the appClient start up process is a show stopper for our company.