}
/**
+ * Protect against the memory leak, when the initialization of the
+ * Java Cryptography Architecture is triggered by initializing
+ * a MessageDigest during web application deployment.
+ * This will occasionally start a Token Poller thread with the thread's
+ * context class loader equal to the web application class loader.
+ * Instead we initialize JCA early.
+ * Defaults to <code>true</code>.
+ */
+ private boolean tokenPollerProtection = true;
+ public boolean isTokenPollerProtection() { return tokenPollerProtection; }
+ public void setTokenPollerProtection(boolean tokenPollerProtection) {
+ this.tokenPollerProtection = tokenPollerProtection;
+ }
+
+ /**
* Protect against resources being read for JAR files and, as a side-effect,
* the JAR file becoming locked. Note this disables caching for all
* {@link URLConnection}s, regardless of type. Defaults to
}
/*
+ * Creating a MessageDigest during web application startup
+ * initializes the Java Cryptography Architecture. Under certain
+ * conditions this starts a Token poller thread with TCCL equal
+ * to the web application class loader.
+ *
+ * Instead we initialize JCA right now.
+ */
+ if (tokenPollerProtection) {
+ java.security.Security.getProviders();
+ }
+
+ /*
* Several components end up opening JarURLConnections without first
* disabling caching. This effectively locks the file. Whilst more
* noticeable and harder to ignore on Windows, it affects all
<code>sun.misc.GC.requestLatency(long)</code> triggered by a web
application do not result in a memory leak. Use of RMI is likely to
trigger a call to this method. A side effect of enabling this protection
- is the creation of a thread named "GC Daemon". The protection is uses
+ is the creation of a thread named "GC Daemon". The protection uses
reflection to access internal Sun classes and may generate errors on
startup on non-Sun JVMs. The default is <code>true</code>.</p>
</attribute>
+ <attribute name="tokenPollerProtection" required="false">
+ <p>Enables protection so that any token poller thread initialized by
+ <code>sun.security.pkcs11.SunPKCS11.initToken()</code> does not
+ result in a memory leak. The thread is started depending on various
+ conditions as part of the initialization of the Java Cryptography
+ Architecture. Without the protection this can happen during Webapp
+ deployment when the MessageDigest for generating session IDs is
+ initialized. As a result the thread has the Webapp class loader as its
+ thread context class loader. Enabling the protection initializes JCA
+ early during Tomcat startup. Defaults to <code>true</code>.</p>
+ </attribute>
+
<attribute name="urlCacheProtection" required="false">
<p>Enables protection so that reading resources from JAR files using
<code>java.net.URLConnection</code>s does not result in the JAR file
projects / tomcat7.0 / commitdiff