I may have recently found a same/similar issue with our environment.
Our setup is GenericSecurityRealm and SQLLoginModule also, although we are using Tomcat (WebSphere Community Edition v126.96.36.199, based on Geronimo 2.1.4 and Tomcat 6.0.20).
The app is a pretty straightforward JSF web application. Using MAT to analyze the heap dump showed the same thing: 86% of memory used up by org.apache.geronimo.security.ContextManager objects, with 54% of that being IdentityHashMap objects.
If there is anything else I can share that might help, please let me know.
Huber & Associates
Office: 573-634-5000, Mobile: 573-298-1040
-----firstname.lastname@example.org wrote: -----
From: Morten Svanęs <email@example.com>
Sent by: firstname.lastname@example.org
Date: 02/08/2011 06:51AM
Subject: Stateless/sessionless servlet consuming too much memory
I'm currently having memory problems with a stateless web service
running in Geronimo 2.2.1.
The problem is that after running for a while the server starts
consuming more and more memory, some kind of leak or accumulation of
unwanted objects occur.
After analyzing the heap dumps in mat I can clearly see that the
accumulation happens inside the
The login happens via http basic and a custom LoginModule looking up
users in the database. The login module is based on the
GenericSecurityRealm and SQLLoginModule.
The service is a standard web servlet running on jetty. The service is
called typically many hundred times a second by the client with stand
http basic auth urls, so there is actually no need for sessions at
It seems like when users log on to the service the
credentials/siubject gets stuck in the subjectContexts hashmap even
though the session timeout is set for 1 sec in the web.xml file.
I've disabled session cookies by using information found here:
I assume this is some kind of misconfiguration on our side and not the
stand. behavior with Geronimo, anyone who can help us point out the
direction for solving this would be greatly appreciated.