listeners.xml

rjung Fri, 14 May 2010 10:34:06 -0700

Author: rjung
Date: Fri May 14 17:33:40 2010
New Revision: 944350

URL: http://svn.apache.org/viewvc?rev=944350&view=rev
Log:
Add Token Poller protection to our list
of special leak protection.
It initializes Java Cryptography Architecture
early during startup to prevent the occasional
Token Poller thread being started with the web app
class loader as TCCL.


Modified:
    
tomcat/trunk/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java
    tomcat/trunk/webapps/docs/config/listeners.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java?rev=944350&r1=944349&r2=944350&view=diff
==============================================================================
--- 
tomcat/trunk/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java 
(original)
+++ 
tomcat/trunk/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java 
Fri May 14 17:33:40 2010
@@ -81,6 +81,21 @@ public class JreMemoryLeakPreventionList
     }
 
     /**
+     * Protect against the memory leak, when the initialization of the
+     * Java Cryptography Architecture is triggered by initializing
+     * a MessageDigest during web application deployment.
+     * This will occasionally start a Token Poller thread with the thread's
+     * context class loader equal to the web application class loader.
+     * Instead we initialize JCA early.
+     * Defaults to <code>true</code>.
+     */
+    private boolean tokenPollerProtection = true;
+    public boolean isTokenPollerProtection() { return tokenPollerProtection; }
+    public void setTokenPollerProtection(boolean tokenPollerProtection) {
+        this.tokenPollerProtection = tokenPollerProtection;
+    }
+
+    /**
      * Protect against resources being read for JAR files and, as a 
side-effect,
      * the JAR file becoming locked. Note this disables caching for all
      * {...@link URLConnection}s, regardless of type. Defaults to
@@ -164,6 +179,18 @@ public class JreMemoryLeakPreventionList
             }
             
             /*
+             * Creating a MessageDigest during web application startup
+             * initializes the Java Cryptography Architecture. Under certain
+             * conditions this starts a Token poller thread with TCCL equal
+             * to the web application class loader.
+             * 
+             * Instead we initialize JCA right now.
+             */
+            if (tokenPollerProtection) {
+                java.security.Security.getProviders();
+            }
+            
+            /*
              * Several components end up opening JarURLConnections without 
first
              * disabling caching. This effectively locks the file. Whilst more
              * noticeable and harder to ignore on Windows, it affects all

Modified: tomcat/trunk/webapps/docs/config/listeners.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/listeners.xml?rev=944350&r1=944349&r2=944350&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/listeners.xml (original)
+++ tomcat/trunk/webapps/docs/config/listeners.xml Fri May 14 17:33:40 2010
@@ -255,11 +255,23 @@ service:jmx:rmi://&lt;hostname&gt;:10002
         <code>sun.misc.GC.requestLatency(long)</code> triggered by a web
         application do not result in a memory leak. Use of RMI is likely to
         trigger a call to this method. A side effect of enabling this 
protection
-        is the creation of a thread named "GC Daemon". The protection is uses
+        is the creation of a thread named "GC Daemon". The protection uses
         reflection to access internal Sun classes and may generate errors on
         startup on non-Sun JVMs. The default is <code>true</code>.</p>
       </attribute>
 
+      <attribute name="tokenPollerProtection" required="false">
+        <p>Enables protection so that any token poller thread initialized by
+        <code>sun.security.pkcs11.SunPKCS11.initToken()</code> does not
+        result in a memory leak. The thread is started depending on various
+        conditions as part of the initialization of the Java Cryptography
+        Architecture. Without the protection this can happen during Webapp
+        deployment when the MessageDigest for generating session IDs is
+        initialized. As a result the thread has the Webapp class loader as its
+        thread context class loader. Enabling the protection initializes JCA
+        early during Tomcat startup. Defaults to <code>true</code>.</p>
+      </attribute>
+
       <attribute name="urlCacheProtection" required="false">
         <p>Enables protection so that reading resources from JAR files using
         <code>java.net.URLConnection</code>s does not result in the JAR file



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

svn commit: r944350 - in /tomcat/trunk: java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java webapps/docs/config/listeners.xml

Reply via email to