Author: markt
Date: Thu Apr 17 09:56:26 2014
New Revision: 1588193
URL: http://svn.apache.org/r1588193
Log:
Small optimisation. The resolver and the factory are only used when running
under a security manager so only load them in this case.
Also avoid a possible memory leak when creating these objects.
Modified:
tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1588193&r1=1588192&r2=1588193&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Thu
Apr 17 09:56:26 2014
@@ -43,6 +43,7 @@ public final class SecurityClassLoad {
loadCoyotePackage(loader);
loadLoaderPackage(loader);
loadRealmPackage(loader);
+ loadServletsPackage(loader);
loadSessionPackage(loader);
loadUtilPackage(loader);
loadValvesPackage(loader);
@@ -126,6 +127,18 @@ public final class SecurityClassLoad {
}
+ private static final void loadServletsPackage(ClassLoader loader)
+ throws Exception {
+ final String basePackage = "org.apache.catalina.servlets.";
+ // Avoid a possible memory leak in the DefaultServlet when running with
+ // a security manager. The DefaultServlet needs to load an XML parser
+ // when running under a security manager. We want this to be loaded by
+ // the container rather than a web application to prevent a memory leak
+ // via web application class loader.
+ loader.loadClass(basePackage + "DefaultServlet");
+ }
+
+
private static final void loadSessionPackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.session.";
Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1588193&r1=1588192&r2=1588193&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Thu Apr
17 09:56:26 2014
@@ -132,8 +132,7 @@ public class DefaultServlet extends Http
private static final DocumentBuilderFactory factory;
- private static final SecureEntityResolver secureEntityResolver =
- new SecureEntityResolver();
+ private static final SecureEntityResolver secureEntityResolver;
/**
* Full range marker.
@@ -166,9 +165,15 @@ public class DefaultServlet extends Http
urlEncoder.addSafeCharacter('*');
urlEncoder.addSafeCharacter('/');
- factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setValidating(false);
+ if (Globals.IS_SECURITY_ENABLED) {
+ factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setValidating(false);
+ secureEntityResolver = new SecureEntityResolver();
+ } else {
+ factory = null;
+ secureEntityResolver = null;
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
