Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49669

Another Java class triggering a memory leak. This time javax.security.auth.Policy

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@988296 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java b/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java
index e3619cd..79a7f41 100644 (file)
--- a/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java
+++ b/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java
@@ -23,6 +23,7 @@ import java.lang.reflect.Method;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLConnection;
+import java.security.Policy;
 
 import javax.imageio.ImageIO;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -93,6 +94,20 @@ public class JreMemoryLeakPreventionListener implements LifecycleListener {
          this.keepAliveProtection = keepAliveProtection;
      }
     
+     /**
+      * Protect against the memory leak caused when the first call to
+      * <code>javax.security.auth.Policy</code> is triggered by a web
+      * application. This first call populate a static variable with a reference
+      * to the context class loader. Defaults to <code>true</code>.
+      */
+     private boolean securityPolicyProtection = true;
+     public boolean iSsecurityPolicyProtection() {
+         return securityPolicyProtection;
+     }
+     public void setSecurityPolicyProtection(boolean securityPolicyProtection) {
+         this.securityPolicyProtection = securityPolicyProtection;
+     }
+     
     /**
      * Protect against the memory leak, when the initialization of the
      * Java Cryptography Architecture is triggered by initializing
@@ -212,6 +227,19 @@ public class JreMemoryLeakPreventionListener implements LifecycleListener {
             }
             
             /*
+             * Calling getPolicy retains a static reference to the context class
+             * loader.
+             */
+            if (securityPolicyProtection) {
+                try {
+                    Policy.getPolicy();
+                } catch(SecurityException e) {
+                    // Ignore. Don't need call to getPolicy() to be successful,
+                    // just need to trigger static initializer.
+                }
+            }
+
+            /*
              * Creating a MessageDigest during web application startup
              * initializes the Java Cryptography Architecture. Under certain
              * conditions this starts a Token poller thread with TCCL equal

diff --git a/webapps/docs/config/listeners.xml b/webapps/docs/config/listeners.xml
index c15c03f..2890919 100644 (file)
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -270,6 +270,16 @@ service:jmx:rmi://<hostname>:10002/jndi/rmi://<hostname>:10001/jmxrm
         trigger a memory leak on reload. Defaults to <code>true</code>.</p>
       </attribute>
 
+      <attribute name="securityPolicyProtection" required="false">
+        <p>Enables protection so that usage of
+        <code>javax.security.auth.Policy</code> by a web application does not
+        result in a memory leak. The first access of this class will trigger the
+        static initializer that will retain a static reference to the context
+        class loader. The protection calls the <code>getPolicy()</code> method
+        of this class to ensure that the static initializer is not triggered by
+        a web application. Defaults to <code>true</code>.</p>
+      </attribute>
+
       <attribute name="tokenPollerProtection" required="false">
         <p>Enables protection so that any token poller thread initialized by
         <code>sun.security.pkcs11.SunPKCS11.initToken()</code> does not