|
Quick Lists
|
|
Bug ID:
|
6783308
|
|
Votes
|
0
|
|
Synopsis
|
Browser certificates should not be loaded unless needed
|
|
Category
|
javawebstart:general
|
|
Reported Against
|
|
|
Release Fixed
|
6u14(b02)
|
|
State
|
11-Closed,
Unverified,
bug
|
|
Priority:
|
3-Medium
|
|
Related Bugs
|
6763369
|
|
Submit Date
|
10-DEC-2008
|
|
Description
|
Processing following JNLP file causes initialization of HTTPS handler that does load browser certificates
on startup (from static initializer).
However, there are no https connections created and certificates are not used.
<jnlp spec="1.0+" version="1.0.0" codebase="http://dl.javafx.com/" href="Decora__V1.0.0.jnlp">
<information>
<title>Effects Framework</title>
<vendor>Sun Microsystems, Inc.</vendor>
<homepage href="https://scenegraph-effects.dev.java.net/"/>
<offline-allowed/>
</information>
<security>
<all-permissions/>
</security>
<resources/>
<resources os="Windows" arch="x86">
<jar href="Decora-SSE__V1.0.0.jar" part="Decora" download="eager"/>
<nativelib href="Decora-SSE-natives-windows-i586__V1.0.0.jar" part="Decora" download="eager"/>
<jar href="Decora-HW__V1.0.0.jar" part="Decora" download="lazy"/>
<jar href="Decora-D3D__V1.0.0.jar" part="Decora" download="lazy"/>
<nativelib href="Decora-D3D-natives-windows-i586__V1.0.0.jar" part="Decora" download="lazy"/>
<jar href="Decora-OGL__V1.0.0.jar" part="Decora" download="lazy"/>
<extension name="jogl" href="jogl.jnlp" version="1.1.1">
<ext-download ext-part="jogl" download="lazy"/>
</extension>
</resources>
<resources os="Mac OS X">
<jar href="Decora-SSE__V1.0.0.jar" part="Decora" download="eager"/>
<nativelib href="Decora-SSE-natives-macosx__V1.0.0.jar" part="Decora" download="eager"/>
</resources>
<resources os="Linux">
<jar href="Decora-HW__V1.0.0.jar" part="Decora" download="lazy"/>
<jar href="Decora-OGL__V1.0.0.jar" part="Decora" download="lazy"/>
<extension name="jogl" href="jogl.jnlp" version="1.1.1">
<ext-download ext-part="jogl" download="lazy"/>
</extension>
</resources>
<component-desc/>
</jnlp>
Posted Date : 2008-12-10 11:40:27.0
|
|
Work Around
|
N/A
|
|
Evaluation
|
Initialization of https handler happens because JNLP file mentions https URL in the homepage tag.
One obvious thing to fix is that we should delay loading certificates until first connection is created.
However, we probably should not instantiate https handler at all as homepage attribute is not really needed to start webstart application. Perhaps parsing XML descriptor we can be more lazy.
Posted Date : 2008-12-10 11:40:27.0
Test results for tentative fix show ~2% improvement on minimal FX applications.
Note that app_jws_swing and app_swing had not show any significant change and this is fine as they do not use FX extensions.
==============================================================================
logs/app_fx_test:
Benchmark Samples Mean Stdev Geomean Weight
startup2 10 1745.49 13.90
app_fx_app 10 3717.10 17.28 0.25
app_fx_jws 10 2306.20 60.09 0.25
app_jws_swing 10 1615.60 10.91 0.25
app_swing 10 670.40 4.72 0.25
==============================================================================
logs/app_fx_test.new:
Benchmark Samples Mean Stdev %Diff P Significant
startup2 10 1722.72 7.81 1.30 0.000 Yes
app_fx_app 10 3643.80 17.76 1.97 0.000 Yes
app_fx_jws 10 2220.30 23.97 3.72 0.001 Yes
app_jws_swing 10 1620.40 16.39 -0.30 0.452 *
app_swing 10 671.90 0.32 -0.22 0.342 *
==============================================================================
* - Not Significant: A non-zero %Diff for the mean could be noise. If the
%Diff is 0, an actual difference may still exist. In either case, more
samples would be needed to detect an actual difference in sample means.
Posted Date : 2008-12-10 18:19:40.0
|
|
Comments
|
PLEASE NOTE: JDK6 is formerly known as Project Mustang
|
|
|
|
