Attachment #26309 for bug #50282

View | Details | Raw Unified | Return to bug 50282
Collapse All | Expand All




         this.securityPolicyProtection = securityPolicyProtection;
     }
     
     /**
      * Protect against the memory leak caused when the first call to
      * <code>javax.security.auth.login.Configuration</code> is triggered by a web
      * application. This first call populate a static variable with a reference
      * to the context class loader. Defaults to <code>true</code>.
      */
     private boolean securityLoginConfigurationProtection = true;
     public boolean isSecurityLoginConfigurationProtection() {
         return securityLoginConfigurationProtection;
     }
     public void setSecurityLoginConfigurationProtection(boolean securityLoginConfigurationProtection) {
         this.securityLoginConfigurationProtection = securityLoginConfigurationProtection;
     }

     /**
     * Protect against the memory leak, when the initialization of the
     * Java Cryptography Architecture is triggered by initializing
     * a MessageDigest during web application deployment.

                    }
                }
    
                
                /*
                 * Initializing javax.security.auth.login.Configuration retains a static reference to the context 
                 * class loader.
                 */
                if (securityLoginConfigurationProtection) {
                    try {
                        Class.forName("javax.security.auth.login.Configuration", true, ClassLoader.getSystemClassLoader());
                    } catch(ClassNotFoundException e) {
                        // Ignore
                    }
                }

                /*
                 * Creating a MessageDigest during web application startup
                 * initializes the Java Cryptography Architecture. Under certain
                 * conditions this starts a Token poller thread with TCCL equal




        trigger a memory leak on reload. Defaults to <code>true</code>.</p>
      </attribute>

      <attribute name="securityLoginConfigurationProtection" required="false">
        <p>Enables protection so that usage of the
        <code>javax.security.auth.login.Configuration</code> class by a web 
        application does not in a memory leak. The first access of this class will
        trigger the initializer that will retain a static reference to the context
        class loader. The protection loads the class with the system classloader 
        to ensure that the static initializer is not triggered by web application.
        Defaults to <code>true</code>.</p>
      </attribute>

      <attribute name="securityPolicyProtection" required="false">
        <p>Enables protection so that usage of the deprecated
        <code>javax.security.auth.Policy</code> class by a web application does not

Return to bug 50282

Lines 107-113 Link Here

(-)java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java (-1 / +28 lines)
107	this.securityPolicyProtection = securityPolicyProtection;	107	this.securityPolicyProtection = securityPolicyProtection;
108	}	108	}
109		109
110	/**	110	/**
		111	* Protect against the memory leak caused when the first call to
		112	* <code>javax.security.auth.login.Configuration</code> is triggered by a web
		113	* application. This first call populate a static variable with a reference
		114	* to the context class loader. Defaults to <code>true</code>.
		115	*/
		116	private boolean securityLoginConfigurationProtection = true;
		117	public boolean isSecurityLoginConfigurationProtection() {
		118	return securityLoginConfigurationProtection;
		119	}
		120	public void setSecurityLoginConfigurationProtection(boolean securityLoginConfigurationProtection) {
		121	this.securityLoginConfigurationProtection = securityLoginConfigurationProtection;
		122	}
		123
		124	/**
111	* Protect against the memory leak, when the initialization of the	125	* Protect against the memory leak, when the initialization of the
112	* Java Cryptography Architecture is triggered by initializing	126	* Java Cryptography Architecture is triggered by initializing
113	* a MessageDigest during web application deployment.	127	* a MessageDigest during web application deployment.
Lines 274-280 Link Here
274	}	288	}
275	}	289	}
276		290
		291
277	/*	292	/*
		293	* Initializing javax.security.auth.login.Configuration retains a static reference to the context
		294	* class loader.
		295	*/
		296	if (securityLoginConfigurationProtection) {
		297	try {
		298	Class.forName("javax.security.auth.login.Configuration", true, ClassLoader.getSystemClassLoader());
		299	} catch(ClassNotFoundException e) {
		300	// Ignore
		301	}
		302	}
		303
		304	/*
278	* Creating a MessageDigest during web application startup	305	* Creating a MessageDigest during web application startup
279	* initializes the Java Cryptography Architecture. Under certain	306	* initializes the Java Cryptography Architecture. Under certain
280	* conditions this starts a Token poller thread with TCCL equal	307	* conditions this starts a Token poller thread with TCCL equal

Lines 270-275 Link Here

(-)webapps/docs/config/listeners.xml (+10 lines)
270	trigger a memory leak on reload. Defaults to <code>true</code>.</p>	270	trigger a memory leak on reload. Defaults to <code>true</code>.</p>
271	</attribute>	271	</attribute>
272		272
		273	<attribute name="securityLoginConfigurationProtection" required="false">
		274	<p>Enables protection so that usage of the
		275	<code>javax.security.auth.login.Configuration</code> class by a web
		276	application does not in a memory leak. The first access of this class will
		277	trigger the initializer that will retain a static reference to the context
		278	class loader. The protection loads the class with the system classloader
		279	to ensure that the static initializer is not triggered by web application.
		280	Defaults to <code>true</code>.</p>
		281	</attribute>
		282
273	<attribute name="securityPolicyProtection" required="false">	283	<attribute name="securityPolicyProtection" required="false">
274	<p>Enables protection so that usage of the deprecated	284	<p>Enables protection so that usage of the deprecated
275	<code>javax.security.auth.Policy</code> class by a web application does not	285	<code>javax.security.auth.Policy</code> class by a web application does not