tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose María Zaragoza <demablo...@gmail.com>
Subject Re: Tomcat 6.x leak with WSS4J library
Date Thu, 20 Jun 2013 18:24:53 GMT
Thanks you very much, Christopher :

1)

Finally

-
-Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false

worked for me, but I want to find out the root cause for leaking. I afraid
to accelerate OOM in PermGen  with many redeploys

2)


>Perhaps a container-loaded component (wss4j?) is being configured to
>use a webapp-loaded component (log4j?). Have you placed anything that
>didn't come with Tomcat into Tomcat's lib/ directory?


I don't use log4j.jar and I guess neither another library in my WEB-INF/lib
( looking at Maven dependences ).

I don't have log4j.jar in $TOMCAT_HOME\lib



My web application uses slf4j + logback and I've got jcl-over-slf4j as a
Maven dependence

and I exclude that another library uses commons-logging with Maven
exclusion option

<exclusions>
<exclusion>
 <groupId>commons-logging</groupId>
   <artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>

So, if logging system leaks, should be slf4j + logback, but I'm not sure




























2013/6/20 Christopher Schultz <chris@christopherschultz.net>

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Jose,
>
> On 6/19/13 5:02 PM, Jose María Zaragoza wrote:
> > Thanks !
> >
> >> You should at least upgrade to 6.0.37. 6.0.24
> >
> > I agree with you but I can't. Anyway, I tested my webapp in Tomcat
> > 6.0.37 and it throws the same error; it only works in latest Tomcat
> > 7.x
>
> You really need to. Tell your bosses that you are vulnerable to a
> number of "important" security vulnerabilities that have been
> published for years, now.
>
> >> Why is your web application attempting to get a message's
> >> signature
> > during shutdown?
> >
> > I explained myself  badly . I wanted to say "after my webapp  is
> > redeployed and without any restart, the next requests to my webapp
> > throws that exception.
>
> This suggests that some component is being de-configured on webapp
> shutdown but then you are still trying to use it after the webapp
> shutdown (when the next version of the webapp).
>
> Perhaps a container-loaded component (wss4j?) is being configured to
> use a webapp-loaded component (log4j?). Have you placed anything that
> didn't come with Tomcat into Tomcat's lib/ directory?
>
> >> I think you have to use a ServletContextListener to properly
> >> tear-down your resources, otherwise they may be torn-down after
> >> Tomcat does things such as nulling-out static field references,
> >> which is likely to be the problem you are encountering, here.
> >
> > I agree but I have no idea how free resources managed by wss4j
> > library . I'm not an expert in JVM profiling but I can investigate
> > about it.
> >
> >> That's because the "log" reference is null. -
> >> -Dorg.apache.catalina.loader.
> >> WebappClassLoader.ENABLE_CLEAR_REFERENCES=false
> >
> > Great ! It could be a solution. I hope don't have collateral
> > effects ...
>
> The collateral effect is likely to be that your webapp doesn't crash
> (at least for this issue) but you might end up with a webapp-reload
> memory leak if you don't already have one.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJRwl9PAAoJEBzwKT+lPKRYMFoQAJ4CZa4iwUItpl8VlizLfaBE
> idgDbjWrZEEUp78iqo3+aJKnrLZpJIiHpx80PvXgJ8Dc9ifZS5jiObkfzcCdxwZj
> DMNCctEAIg6fmtnttFY5m8f73geLA8QBY2agie6BaxdfnXqFRPyGwefeVcuymnbv
> wkVu4W6XPXPSAZJhYaF3vS+L3hD3CUtStwg2/TEAlxaWtFgH+rDcmdwJsAQPkUxI
> FEYJTk5asTyQE/9Voq+wzHG3ygu9ZW48EgvHQAKtjPWpDk7FhYbiK0uVfB7W5F7F
> UbixxonlNO+KMW/zPqtDt9+wPXux9T1m8c3iflek/Oai9LfFflb+mw4x2UhSFx+d
> nN518ZsBB6mUyoOxgllGQECZSTT8xB/JFX7VxAMhTtpIn2ltFMhKhPKSKamRPKZb
> nwQcxHf7PC/AxXaZT429Qj1d0+rPi0MMeLhYShleestWnuYdM733fYwdru8rBRjx
> HWxDpFsJtp/LOKkJGTbw/0AT8yxkVXLKRjTxGOB7NWxSO/VCNq2l0H9711ECUAAK
> ki6MdbPog7nXgMwVAmegtJjSjg124Q8iGw9YiKSuRRWeZ6FuInLB7umlijUac81Z
> apZu1G8gfbpcQM36//cVEsFShCAKION2h+n9KE/bhLvYyBvS03u6tTyUS65VR9EY
> j9mkawDqdULHtGYNiv8V
> =2NOw
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message