[
https://issues.apache.org/jira/browse/CXF-5442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Kulp resolved CXF-5442.
------------------------------
Resolution: Fixed
Fix Version/s: 2.7.9
2.6.12
Assignee: Daniel Kulp
Little more reflection magic and I think this is now resolved. Confirmation
would be great.
> CXFAuthenticator causes classloader leaks
> -----------------------------------------
>
> Key: CXF-5442
> URL: https://issues.apache.org/jira/browse/CXF-5442
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 2.6.10
> Reporter: Mattias Jiderhamn
> Assignee: Daniel Kulp
> Fix For: 2.6.12, 2.7.9
>
> Attachments: cxf.jpg
>
>
> org.apache.cxf.transport.http.CXFAuthenticator will cause classloader leaks.
> When CXFAuthenticator.addAuthenticator() is called,
> org.apache.cxf.transport.http.ReferencingAuthenticator is instantiated in a
> custom "dummy" URLClassLoader, and then wraps any pre-existing default
> Authenticator + weak references the CXFAuthenticator.
> In theory, this means that the classloader loading the CXFAuthenticator can
> be garbage collected, and then ReferencingAuthenticator.auth is cleared since
> CXFAuthenticator.instance is not strongly reachable from GC root.
> I won't say my conclusions are final, but this is how I think it happens:
> When the dummy URLClassLoader is instantiated, it inherits the
> ProtectionDomain that references the current classloader, which is the one
> that loaded CXFAuthenticator and thus there is a path to GC root (see
> screenshot) and the web app classloader is never garbage collected.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
