From 253d77e685c1885bfb94fabd5c66c15286be6a9c Mon Sep 17 00:00:00 2001 From: rjung Date: Fri, 14 May 2010 17:33:40 +0000 Subject: [PATCH] Add Token Poller protection to our list of special leak protection. It initializes Java Cryptography Architecture early during startup to prevent the occasional Token Poller thread being started with the web app class loader as TCCL. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@944350 13f79535-47bb-0310-9956-ffa450edef68 --- .../core/JreMemoryLeakPreventionListener.java | 27 ++++++++++++++++++++++ webapps/docs/config/listeners.xml | 14 ++++++++++- 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java b/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java index 4a8c5d6e7..800a9eb4f 100644 --- a/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java +++ b/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java @@ -81,6 +81,21 @@ public class JreMemoryLeakPreventionListener implements LifecycleListener { } /** + * Protect against the memory leak, when the initialization of the + * Java Cryptography Architecture is triggered by initializing + * a MessageDigest during web application deployment. + * This will occasionally start a Token Poller thread with the thread's + * context class loader equal to the web application class loader. + * Instead we initialize JCA early. + * Defaults to true. + */ + private boolean tokenPollerProtection = true; + public boolean isTokenPollerProtection() { return tokenPollerProtection; } + public void setTokenPollerProtection(boolean tokenPollerProtection) { + this.tokenPollerProtection = tokenPollerProtection; + } + + /** * Protect against resources being read for JAR files and, as a side-effect, * the JAR file becoming locked. Note this disables caching for all * {@link URLConnection}s, regardless of type. Defaults to @@ -164,6 +179,18 @@ public class JreMemoryLeakPreventionListener implements LifecycleListener { } /* + * Creating a MessageDigest during web application startup + * initializes the Java Cryptography Architecture. Under certain + * conditions this starts a Token poller thread with TCCL equal + * to the web application class loader. + * + * Instead we initialize JCA right now. + */ + if (tokenPollerProtection) { + java.security.Security.getProviders(); + } + + /* * Several components end up opening JarURLConnections without first * disabling caching. This effectively locks the file. Whilst more * noticeable and harder to ignore on Windows, it affects all diff --git a/webapps/docs/config/listeners.xml b/webapps/docs/config/listeners.xml index 65ec4dcde..9f3d023a1 100644 --- a/webapps/docs/config/listeners.xml +++ b/webapps/docs/config/listeners.xml @@ -255,11 +255,23 @@ service:jmx:rmi://<hostname>:10002/jndi/rmi://<hostname>:10001/jmxrm sun.misc.GC.requestLatency(long) triggered by a web application do not result in a memory leak. Use of RMI is likely to trigger a call to this method. A side effect of enabling this protection - is the creation of a thread named "GC Daemon". The protection is uses + is the creation of a thread named "GC Daemon". The protection uses reflection to access internal Sun classes and may generate errors on startup on non-Sun JVMs. The default is true.

+ +

Enables protection so that any token poller thread initialized by + sun.security.pkcs11.SunPKCS11.initToken() does not + result in a memory leak. The thread is started depending on various + conditions as part of the initialization of the Java Cryptography + Architecture. Without the protection this can happen during Webapp + deployment when the MessageDigest for generating session IDs is + initialized. As a result the thread has the Webapp class loader as its + thread context class loader. Enabling the protection initializes JCA + early during Tomcat startup. Defaults to true.

+ +

Enables protection so that reading resources from JAR files using java.net.URLConnections does not result in the JAR file -- 2.11.0