Bug 59866

Summary: Tomcat incorrectly scans WEB-INF/classes/META-INF/resources for classes
Product: Tomcat 7 Reporter: Jack <caijunj>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Severity: normal    
Priority: P2    
Version: 7.0.70   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Jack 2016-07-15 15:59:51 UTC
During startup, Tomcat incorrectly scans the WEB-INF/classes/META-INF/resources folder to find classses, which also presents a performance penalty.

This happens in two situations:

1. When Tomcat tries to find classes to cache. The code in problem is at Line 2275 in [1]. It calls the webapp classloader's getResourceAsStream() method and eventually ends up doing a lookup in WEB-INF/classes/META-INF/resources for many Java class.

2. When Tomcat tries to load some classes using the webapp classloader, the classloader's findClassInternal() calls its findResourceInternal() method, which may do a lookup in its repository (aka WEB-INF/classes), see Line 3291 in [2].

The code actually does the lookup in the WEB-INF/classes/META-INF/resources is at Line 502 in [3]. The above situations can be easily observed by setting a breakpoint at this line and then start tomcat in debug mode with all the default configurations (addWebinfClassesResources is false, though even if it's set to true the above behavior is wrong).

This same issue may exist in Tomcat 8 and onwards as well.

[1] http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/java/org/apache/catalina/startup/ContextConfig.java
[2] http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/java/org/apache/catalina/loader/WebappClassLoaderBase.java
[3] http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/java/org/apache/naming/resources/BaseDirContext.java
Comment 1 Jack 2016-07-18 20:19:08 UTC
Anybody who can take a look to confirm this is a valid issue?
Comment 2 Mark Thomas 2016-08-02 15:20:50 UTC
The first issues applies to 7.0.x onwards.
The second issue applies only to 7.0.x.

This has been fixed in:
9.0.x for 9.0.0.M10 onwards
8.5.x for 8.5.5 onwards
8.0.x for 8.0.37 onwards
7.0.x for 7.0.71 onwards