Author: markt Date: Thu Apr 17 10:04:21 2014 New Revision: 1588199 URL: http://svn.apache.org/r1588199 Log: Small optimisation. The resolver and the factory are only used when running under a security manager so only load them in this case. Also avoid a possible memory leak when creating these objects.
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1588193,1588197 Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1588199&r1=1588198&r2=1588199&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Thu Apr 17 10:04:21 2014 @@ -39,6 +39,7 @@ public final class SecurityClassLoad { loadCoyotePackage(loader); loadLoaderPackage(loader); loadRealmPackage(loader); + loadServletsPackage(loader); loadSessionPackage(loader); loadUtilPackage(loader); loadValvesPackage(loader); @@ -122,6 +123,18 @@ public final class SecurityClassLoad { } + private static final void loadServletsPackage(ClassLoader loader) + throws Exception { + final String basePackage = "org.apache.catalina.servlets."; + // Avoid a possible memory leak in the DefaultServlet when running with + // a security manager. The DefaultServlet needs to load an XML parser + // when running under a security manager. We want this to be loaded by + // the container rather than a web application to prevent a memory leak + // via web application class loader. + loader.loadClass(basePackage + "DefaultServlet"); + } + + private static final void loadSessionPackage(ClassLoader loader) throws Exception { final String basePackage = "org.apache.catalina.session."; Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1588199&r1=1588198&r2=1588199&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Thu Apr 17 10:04:21 2014 @@ -129,8 +129,7 @@ public class DefaultServlet private static final DocumentBuilderFactory factory; - private static final SecureEntityResolver secureEntityResolver = - new SecureEntityResolver(); + private static final SecureEntityResolver secureEntityResolver; // ----------------------------------------------------- Instance Variables @@ -238,9 +237,15 @@ public class DefaultServlet urlEncoder.addSafeCharacter('*'); urlEncoder.addSafeCharacter('/'); - factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - factory.setValidating(false); + if (Globals.IS_SECURITY_ENABLED) { + factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + factory.setValidating(false); + secureEntityResolver = new SecureEntityResolver(); + } else { + factory = null; + secureEntityResolver = null; + } } Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1588199&r1=1588198&r2=1588199&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Apr 17 10:04:21 2014 @@ -87,6 +87,10 @@ reverts all the operations performed when adding an MBean notification listener. (markt) </fix> + <fix> + Only create XML parsing objects if required and fix associated potential + memory leak in the default Servlet. (markt) + </fix> </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org