United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-6423370 : Fix for bug 5098318 prevents caching of JAR files containing cipher code

Details
Type:
Bug
Submit Date:
2006-05-09
Status:
Resolved
Updated Date:
2010-12-07
Project Name:
JDK
Resolved Date:
2006-06-26
Component:
security-libs
OS:
windows_xp,windows_2000
Sub-Component:
javax.crypto
CPU:
x86
Priority:
P2
Resolution:
Fixed
Affected Versions:
1.4.2_10
Fixed Versions:
1.4.2_13 (b01)

Related Reports
Backport:
Backport:
Duplicate:
Relates:
Relates:
Relates:

Sub Tasks

Description
My customer develops an online banking application for a major german bank. Since upgrading to 1.4.2_10 (where the fix to bug 5098318 is included), their online application JAR file is no longer cached. This results in a massive delay for customers when they attempt to login, as the whole JAR file is downloaded every time a login takes place.

From speaking with Mala Bankal, he believes that the fix for bug id 5098318 to be the cause for this problem.

From the original bug, we have:

Thus, JCE framework would access caller codebase as well as
several other jars in order to determine the allowed crypto
strength. The accesses are through JarURLConnection and caching
is on *by default*. The current JarURLConnection impl does
not seem to allow its callers to purge or delete the cached 
jars. 

Will have to disable caching unless the current JarURLConnection
impl can be fixed/enhanced to support the file purging.


As the disablement of this cache is now causing problems, would it be possible to
fix the JarURLConnection implementation, so that the cipher code correctly obeys
the caching status as set by setUseCaches?

                                    

Comments
EVALUATION

Based on the various troubleshooting feedback from the customer, the performance issue is affected by:
6226269: JAR verification causes significant footprint increases
5098318: Cached Jar file should be released on appl. exit even that is opended by Cipher

Thus, the fix for this performance issue would be to fix the Jar verification performance problem (addressed by 6364728) as well as changing JCE to enable Jar caching for the (plug-in + http jar URL) scenario.
As for other scenarios such as (JRE + http/file jar URL), their caching mechanism is memory based and does not affect JCE performance since the jar verification is done only once.
                                     
2006-06-12



Hardware and Software, Engineered to Work Together