[CXF-5442] CXFAuthenticator causes classloader leaks - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6.10
Fix Version/s: 2.6.12, 2.7.9
Component/s: Transports
Labels:
None

Estimated Complexity:
Unknown

Description

org.apache.cxf.transport.http.CXFAuthenticator will cause classloader leaks.

When CXFAuthenticator.addAuthenticator() is called, org.apache.cxf.transport.http.ReferencingAuthenticator is instantiated in a custom "dummy" URLClassLoader, and then wraps any pre-existing default Authenticator + weak references the CXFAuthenticator.

In theory, this means that the classloader loading the CXFAuthenticator can be garbage collected, and then ReferencingAuthenticator.auth is cleared since CXFAuthenticator.instance is not strongly reachable from GC root.

I won't say my conclusions are final, but this is how I think it happens: When the dummy URLClassLoader is instantiated, it inherits the ProtectionDomain that references the current classloader, which is the one that loaded CXFAuthenticator and thus there is a path to GC root (see screenshot) and the web app classloader is never garbage collected.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

cxf.jpg
06/Dec/13 21:20
37 kB
Mattias Jiderhamn

Activity

People

Assignee:: Daniel Kulp

Reporter:: Mattias Jiderhamn

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 06/Dec/13 21:19

Updated:: 11/Jul/14 12:51

Resolved:: 17/Jan/14 21:57