[ 
https://issues.apache.org/jira/browse/CXF-5442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13875993#comment-13875993
 ] 

Mattias Jiderhamn commented on CXF-5442:
----------------------------------------

Running my leak detecting test case against the 2.6.x SVN sources, it seems 
that setting loader.acc to null does the trick.
I have yet to test this in a deployed environment (possibly 
AccessController.doPrivileged() also makes a difference then) but likely the 
problem has been fixed.

> CXFAuthenticator causes classloader leaks
> -----------------------------------------
>
>                 Key: CXF-5442
>                 URL: https://issues.apache.org/jira/browse/CXF-5442
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 2.6.10
>            Reporter: Mattias Jiderhamn
>            Assignee: Daniel Kulp
>             Fix For: 2.6.12, 2.7.9
>
>         Attachments: cxf.jpg
>
>
> org.apache.cxf.transport.http.CXFAuthenticator will cause classloader leaks.
> When CXFAuthenticator.addAuthenticator() is called, 
> org.apache.cxf.transport.http.ReferencingAuthenticator is instantiated in a 
> custom "dummy" URLClassLoader, and then wraps any pre-existing default 
> Authenticator + weak references the CXFAuthenticator.
> In theory, this means that the classloader loading the CXFAuthenticator can 
> be garbage collected, and then ReferencingAuthenticator.auth is cleared since 
> CXFAuthenticator.instance is not strongly reachable from GC root.
> I won't say my conclusions are final, but this is how I think it happens: 
> When the dummy URLClassLoader is instantiated, it inherits the 
> ProtectionDomain that references the current classloader, which is the one 
> that loaded CXFAuthenticator and thus there is a path to GC root (see 
> screenshot) and the web app classloader is never garbage collected.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to