View | Details | Raw Unified | Return to bug 50282
Collapse All | Expand All

(-)java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java (-1 / +28 lines)
Lines 107-113 Link Here
107
         this.securityPolicyProtection = securityPolicyProtection;
107
         this.securityPolicyProtection = securityPolicyProtection;
108
     }
108
     }
109
     
109
     
110
    /**
110
     /**
111
      * Protect against the memory leak caused when the first call to
112
      * <code>javax.security.auth.login.Configuration</code> is triggered by a web
113
      * application. This first call populate a static variable with a reference
114
      * to the context class loader. Defaults to <code>true</code>.
115
      */
116
     private boolean securityLoginConfigurationProtection = true;
117
     public boolean isSecurityLoginConfigurationProtection() {
118
         return securityLoginConfigurationProtection;
119
     }
120
     public void setSecurityLoginConfigurationProtection(boolean securityLoginConfigurationProtection) {
121
         this.securityLoginConfigurationProtection = securityLoginConfigurationProtection;
122
     }
123
124
     /**
111
     * Protect against the memory leak, when the initialization of the
125
     * Protect against the memory leak, when the initialization of the
112
     * Java Cryptography Architecture is triggered by initializing
126
     * Java Cryptography Architecture is triggered by initializing
113
     * a MessageDigest during web application deployment.
127
     * a MessageDigest during web application deployment.
Lines 274-280 Link Here
274
                    }
288
                    }
275
                }
289
                }
276
    
290
    
291
                
277
                /*
292
                /*
293
                 * Initializing javax.security.auth.login.Configuration retains a static reference to the context 
294
                 * class loader.
295
                 */
296
                if (securityLoginConfigurationProtection) {
297
                    try {
298
                        Class.forName("javax.security.auth.login.Configuration", true, ClassLoader.getSystemClassLoader());
299
                    } catch(ClassNotFoundException e) {
300
                        // Ignore
301
                    }
302
                }
303
304
                /*
278
                 * Creating a MessageDigest during web application startup
305
                 * Creating a MessageDigest during web application startup
279
                 * initializes the Java Cryptography Architecture. Under certain
306
                 * initializes the Java Cryptography Architecture. Under certain
280
                 * conditions this starts a Token poller thread with TCCL equal
307
                 * conditions this starts a Token poller thread with TCCL equal
(-)webapps/docs/config/listeners.xml (+10 lines)
Lines 270-275 Link Here
270
        trigger a memory leak on reload. Defaults to <code>true</code>.</p>
270
        trigger a memory leak on reload. Defaults to <code>true</code>.</p>
271
      </attribute>
271
      </attribute>
272
272
273
      <attribute name="securityLoginConfigurationProtection" required="false">
274
        <p>Enables protection so that usage of the
275
        <code>javax.security.auth.login.Configuration</code> class by a web 
276
        application does not in a memory leak. The first access of this class will
277
        trigger the initializer that will retain a static reference to the context
278
        class loader. The protection loads the class with the system classloader 
279
        to ensure that the static initializer is not triggered by web application.
280
        Defaults to <code>true</code>.</p>
281
      </attribute>
282
273
      <attribute name="securityPolicyProtection" required="false">
283
      <attribute name="securityPolicyProtection" required="false">
274
        <p>Enables protection so that usage of the deprecated
284
        <p>Enables protection so that usage of the deprecated
275
        <code>javax.security.auth.Policy</code> class by a web application does not
285
        <code>javax.security.auth.Policy</code> class by a web application does not

Return to bug 50282