You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/04/17 12:04:21 UTC
svn commit: r1588199 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/security/SecurityClassLoad.java java/org/apache/catalina/servlets/DefaultServlet.java webapps/docs/changelog.xml

Author: markt
Date: Thu Apr 17 10:04:21 2014
New Revision: 1588199

URL: http://svn.apache.org/r1588199
Log:
Small optimisation. The resolver and the factory are only used when running under a security manager so only load them in this case.
Also avoid a possible memory leak when creating these objects.

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1588193,1588197

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1588199&r1=1588198&r2=1588199&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Thu Apr 17 10:04:21 2014
@@ -39,6 +39,7 @@ public final class SecurityClassLoad {
         loadCoyotePackage(loader);
         loadLoaderPackage(loader);
         loadRealmPackage(loader);
+        loadServletsPackage(loader);
         loadSessionPackage(loader);
         loadUtilPackage(loader);
         loadValvesPackage(loader);
@@ -122,6 +123,18 @@ public final class SecurityClassLoad {
     }
 
 
+    private static final void loadServletsPackage(ClassLoader loader)
+            throws Exception {
+        final String basePackage = "org.apache.catalina.servlets.";
+        // Avoid a possible memory leak in the DefaultServlet when running with
+        // a security manager. The DefaultServlet needs to load an XML parser
+        // when running under a security manager. We want this to be loaded by
+        // the container rather than a web application to prevent a memory leak
+        // via web application class loader.
+        loader.loadClass(basePackage + "DefaultServlet");
+    }
+
+
     private static final void loadSessionPackage(ClassLoader loader)
         throws Exception {
         final String basePackage = "org.apache.catalina.session.";

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1588199&r1=1588198&r2=1588199&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Thu Apr 17 10:04:21 2014
@@ -129,8 +129,7 @@ public class DefaultServlet
 
     private static final DocumentBuilderFactory factory;
 
-    private static final SecureEntityResolver secureEntityResolver =
-            new SecureEntityResolver();
+    private static final SecureEntityResolver secureEntityResolver;
 
 
     // ----------------------------------------------------- Instance Variables
@@ -238,9 +237,15 @@ public class DefaultServlet
         urlEncoder.addSafeCharacter('*');
         urlEncoder.addSafeCharacter('/');
         
-        factory = DocumentBuilderFactory.newInstance();
-        factory.setNamespaceAware(true);
-        factory.setValidating(false);
+        if (Globals.IS_SECURITY_ENABLED) {
+            factory = DocumentBuilderFactory.newInstance();
+            factory.setNamespaceAware(true);
+            factory.setValidating(false);
+            secureEntityResolver = new SecureEntityResolver();
+        } else {
+            factory = null;
+            secureEntityResolver = null;
+        }
     }
 
 

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1588199&r1=1588198&r2=1588199&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Apr 17 10:04:21 2014
@@ -87,6 +87,10 @@
         reverts all the operations performed when adding an MBean notification
         listener. (markt)
       </fix>
+      <fix>
+        Only create XML parsing objects if required and fix associated potential
+        memory leak in the default Servlet. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org