Author: markt Date: Thu Apr 17 09:56:26 2014 New Revision: 1588193 URL: http://svn.apache.org/r1588193 Log: Small optimisation. The resolver and the factory are only used when running under a security manager so only load them in this case. Also avoid a possible memory leak when creating these objects.
Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1588193&r1=1588192&r2=1588193&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original) +++ tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Thu Apr 17 09:56:26 2014 @@ -43,6 +43,7 @@ public final class SecurityClassLoad { loadCoyotePackage(loader); loadLoaderPackage(loader); loadRealmPackage(loader); + loadServletsPackage(loader); loadSessionPackage(loader); loadUtilPackage(loader); loadValvesPackage(loader); @@ -126,6 +127,18 @@ public final class SecurityClassLoad { } + private static final void loadServletsPackage(ClassLoader loader) + throws Exception { + final String basePackage = "org.apache.catalina.servlets."; + // Avoid a possible memory leak in the DefaultServlet when running with + // a security manager. The DefaultServlet needs to load an XML parser + // when running under a security manager. We want this to be loaded by + // the container rather than a web application to prevent a memory leak + // via web application class loader. + loader.loadClass(basePackage + "DefaultServlet"); + } + + private static final void loadSessionPackage(ClassLoader loader) throws Exception { final String basePackage = "org.apache.catalina.session."; Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1588193&r1=1588192&r2=1588193&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original) +++ tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Thu Apr 17 09:56:26 2014 @@ -132,8 +132,7 @@ public class DefaultServlet extends Http private static final DocumentBuilderFactory factory; - private static final SecureEntityResolver secureEntityResolver = - new SecureEntityResolver(); + private static final SecureEntityResolver secureEntityResolver; /** * Full range marker. @@ -166,9 +165,15 @@ public class DefaultServlet extends Http urlEncoder.addSafeCharacter('*'); urlEncoder.addSafeCharacter('/'); - factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - factory.setValidating(false); + if (Globals.IS_SECURITY_ENABLED) { + factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + factory.setValidating(false); + secureEntityResolver = new SecureEntityResolver(); + } else { + factory = null; + secureEntityResolver = null; + } } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org