From e04b96cd4b18878e6de9ea96c3326033f540fbb3 Mon Sep 17 00:00:00 2001
From: slaurent javax.security.auth.login.Configuration is triggered by a web
+ * application. This first call populate a static variable with a reference
+ * to the context class loader. Defaults to true.
+ */
+ private boolean securityLoginConfigurationProtection = true;
+ public boolean isSecurityLoginConfigurationProtection() {
+ return securityLoginConfigurationProtection;
+ }
+ public void setSecurityLoginConfigurationProtection(boolean securityLoginConfigurationProtection) {
+ this.securityLoginConfigurationProtection = securityLoginConfigurationProtection;
+ }
+
+ /**
* Protect against the memory leak, when the initialization of the
* Java Cryptography Architecture is triggered by initializing
* a MessageDigest during web application deployment.
@@ -274,6 +288,19 @@ public class JreMemoryLeakPreventionListener implements LifecycleListener {
}
}
+
+ /*
+ * Initializing javax.security.auth.login.Configuration retains a static reference to the context
+ * class loader.
+ */
+ if (securityLoginConfigurationProtection) {
+ try {
+ Class.forName("javax.security.auth.login.Configuration", true, ClassLoader.getSystemClassLoader());
+ } catch(ClassNotFoundException e) {
+ // Ignore
+ }
+ }
+
/*
* Creating a MessageDigest during web application startup
* initializes the Java Cryptography Architecture. Under certain
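Review bot: The comment above `if (securityLoginConfigurationProtection)` does not explain why passing `ClassLoader.getSystemClassLoader()` prevents the leak. That argument only selects the loader used to locate the class, whereas the leak described is the static initializer capturing the thread context class loader. If the enclosing method, which starts outside this hunk, switches the context class loader before this block runs, the comment should say so, e.g. `// Relies on the context class loader having been set to the system class loader earlier in this method`. The empty `catch(ClassNotFoundException e)` also hides the case where the protection silently did nothing; a debug-level log line there would make a missing class visible to operators.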
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index febf50b48..677ff963a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -43,6 +43,12 @@
javax.security.auth.login.Configuration
+ with JreMemoryLeakPreventionListener to avoid memory leak
+ when stopping a webapp that would use JAAS.
+ (slaurent)
+ true.
Enables protection so that usage of the
+ javax.security.auth.login.Configuration class by a web
+ application does not in a memory leak. The first access of this class will
+ trigger the initializer that will retain a static reference to the context
+ class loader. The protection loads the class with the system classloader
+ to ensure that the static initializer is not triggered by web application.
+ Defaults to true.
Enables protection so that usage of the deprecated
javax.security.auth.Policy class by a web application does not
--
2.11.0