Announcement Announcement Module
No announcement yet.
Possible Memory Leak due to SecurityContextHolder thread local Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Possible Memory Leak due to SecurityContextHolder thread local

    Searching for memory leaks in my webapp, i found the thread local in the security context holder (Acegi 1.0 RC1 - context holder in former versions should be the same) - see

    The value is never removed, but replaced with a fresh instance on end of filter processing in HttpSessionContextIntegrationFilter. Better to use ThreadLocal.remove() on filter end! The same on invokation of ContextPropagatingRemoteInvocation...

    An Appserver typically has a numberof threads, some of them containing this thread local. The classloader cannot be garbage collected on deployment or restart of the webapp due to references of this thread local!

  • #2

    The code at the moment strongly enforces the contract that the security context cannot be set to null. We'll look at relaxing this or adding an extra clearContext method to the SecurityContextHolder class.

    The problem isn't too serious as it only applies to redeployments. Presumably the previous classloader will eventually be garbage collected when the thread is reused and the context is overwritten with a new one. At that point there is no longer an external reference to one of the old classes.



    • #3
      Jira tracker:
      Last edited by Luke Taylor; Oct 24th, 2007, 08:18 AM.


      • #4
        I can't locate this anymore


        The project you are trying to view does not exist. Try browsing for projects.

        If you think this message is wrong, please consult your administrators about getting the necessary permissions.

        Originally posted by Luke View Post


        • #5
          The link was wrong. I've fixed it now.