You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/04/17 12:04:21 UTC
svn commit: r1588199 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/catalina/security/SecurityClassLoad.java
java/org/apache/catalina/servlets/DefaultServlet.java
webapps/docs/changelog.xml
Author: markt
Date: Thu Apr 17 10:04:21 2014
New Revision: 1588199
URL: http://svn.apache.org/r1588199
Log:
Small optimisation. The resolver and the factory are only used when running under a security manager so only load them in this case.
Also avoid a possible memory leak when creating these objects.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1588193,1588197
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1588199&r1=1588198&r2=1588199&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Thu Apr 17 10:04:21 2014
@@ -39,6 +39,7 @@ public final class SecurityClassLoad {
loadCoyotePackage(loader);
loadLoaderPackage(loader);
loadRealmPackage(loader);
+ loadServletsPackage(loader);
loadSessionPackage(loader);
loadUtilPackage(loader);
loadValvesPackage(loader);
@@ -122,6 +123,18 @@ public final class SecurityClassLoad {
}
+ private static final void loadServletsPackage(ClassLoader loader)
+ throws Exception {
+ final String basePackage = "org.apache.catalina.servlets.";
+ // Avoid a possible memory leak in the DefaultServlet when running with
+ // a security manager. The DefaultServlet needs to load an XML parser
+ // when running under a security manager. We want this to be loaded by
+ // the container rather than a web application to prevent a memory leak
+ // via web application class loader.
+ loader.loadClass(basePackage + "DefaultServlet");
+ }
+
+
private static final void loadSessionPackage(ClassLoader loader)
throws Exception {
final String basePackage = "org.apache.catalina.session.";
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1588199&r1=1588198&r2=1588199&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Thu Apr 17 10:04:21 2014
@@ -129,8 +129,7 @@ public class DefaultServlet
private static final DocumentBuilderFactory factory;
- private static final SecureEntityResolver secureEntityResolver =
- new SecureEntityResolver();
+ private static final SecureEntityResolver secureEntityResolver;
// ----------------------------------------------------- Instance Variables
@@ -238,9 +237,15 @@ public class DefaultServlet
urlEncoder.addSafeCharacter('*');
urlEncoder.addSafeCharacter('/');
- factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setValidating(false);
+ if (Globals.IS_SECURITY_ENABLED) {
+ factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setValidating(false);
+ secureEntityResolver = new SecureEntityResolver();
+ } else {
+ factory = null;
+ secureEntityResolver = null;
+ }
}
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1588199&r1=1588198&r2=1588199&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Apr 17 10:04:21 2014
@@ -87,6 +87,10 @@
reverts all the operations performed when adding an MBean notification
listener. (markt)
</fix>
+ <fix>
+ Only create XML parsing objects if required and fix associated potential
+ memory leak in the default Servlet. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org