Links Top Level Elements Executors Connectors Containers Nested Components Cluster Elements Other | The LifeCycle Listener ComponentIntroduction |
A Listener element defines a component that performs
actions when specific events occur, usually Tomcat starting or Tomcat
stopping.
Listeners may be nested inside a Server,
Engine, Host or
Context. Some Listeners are only intended to be
nested inside specific elements. These constraints are noted in the
documentation below.
|
Attributes |
Common Attributes |
All implementations of Listener
support the following attributes:
Attribute | Description |
---|
className |
Java class name of the implementation to use. This class must
implement the org.apache.catalina.LifecycleListener
interface.
|
|
|
Standard Implementations |
Unlike most Catalina components, there are several standard
Listener implementations available. As a result,
the className attribute MUST be used to select the
implementation you wish to use.
APR Lifecycle Listener - org.apache.catalina.core.AprLifecycleListener |
The APR Lifecycle Listener checks for the presence of
the APR/native library and loads the library if it is present. For more
information see the APR/native guide.
This listener must only be nested within Server
elements.
The following additional attributes are supported by the APR
Lifecycle Listener:
Attribute | Description |
---|
SSLEngine |
Name of the SSLEngine to use. off : do not use SSL,
on : use SSL but no specific ENGINE.
The default value is on. This initializes the
native SSL engine, which must be enabled in the APR/native connector by
the use of the SSLEnabled attribute.
See the Official OpenSSL website
for more details on supported SSL hardware engines and manufacturers.
| SSLRandomSeed |
Entropy source used to seed the SSLEngine's PRNG. The default value
is builtin . On development systems, you may want to set
this to /dev/urandom to allow quicker start times.
| FIPSMode |
Set to on to instruct OpenSSL to go into FIPS mode.
FIPS mode requires you to have a FIPS-capable OpenSSL library which
you must build yourself.
FIPS mode also requires Tomcat native library version 1.1.23 or later,
which must be built against the FIPS-compatible OpenSSL library.
If this attribute is "on", SSLEngine must be enabled as well.
The default value is off .
|
|
JRE Memory Leak Prevention Listener - org.apache.catalina.core.JreMemoryLeakPreventionListener |
The JRE Memory Leak Prevention Listener provides
work-arounds for known places where the Java Runtime environment uses
the context class loader to load a singleton as this will cause a memory
leak if a web application class loader happens to be the context class
loader at the time. The work-around is to initialise these singletons when
this listener starts as Tomcat's common class loader is the context class
loader at that time. It also provides work-arounds for known issues that
can result in locked JAR files.
This listener must only be nested within Server
elements.
The following additional attributes are supported by the JRE
Memory Leak Prevention Listener:
Attribute | Description |
---|
appContextProtection |
Enables protection so that calls to
sun.awt.AppContext.getAppContext() triggered by a web
application do not result in a memory leak. Note that a call to this
method will be triggered as part of the web application stop process so
it is strongly recommended that this protection is enabled. The default
is true .
| AWTThreadProtection |
Enables protection so that calls to
java.awt.Toolkit.getDefaultToolkit() triggered by a web
application do not result in a memory leak.
Defaults to false because an AWT thread is launched.
| classesToInitialize |
List of comma-separated fully qualified class names to load and initialize
during the startup of this Listener. This allows to pre-load classes that are
known to provoke classloader leaks if they are loaded during a request
processing. Non-JRE classes may be referenced, like
oracle.jdbc.driver.OracleTimeoutThreadPerVM .
The default value is empty, but specific JRE classes are loaded by other leak
protection features managed by other attributes of this Listener.
| driverManagerProtection |
The first use of java.sql.DriverManager will trigger the
loading of JDBC Driver in the the current class loader. The web
application level memory leak protection can take care of this in most
cases but triggering the loading here has fewer side-effects. The
default is true .
| gcDaemonProtection |
Enables protection so that calls to
sun.misc.GC.requestLatency(long) triggered by a web
application do not result in a memory leak. Use of RMI is likely to
trigger a call to this method. A side effect of enabling this protection
is the creation of a thread named "GC Daemon". The protection uses
reflection to access internal Sun classes and may generate errors on
startup on non-Sun JVMs. The default is true .
| java2DDisposerProtection |
Enables protection so that loading the
sun.java2d.Disposer class by a web application does not
result in a memory leak.
Defaults to false because a thread is launched.
| ldapPoolProtection |
Enables protection so that the PoolCleaner thread started by
com.sun.jndi.ldap.LdapPoolManager does not result in a
memory leak. The thread is started the first time the
LdapPoolManager class is used if the system property
com.sun.jndi.ldap.connect.pool.timeout is set to a value
greater than 0. Without this protection, if a web application uses this
class the PoolCleaner thread will be configured with the thread's
context class loader set to the web application class loader which in
turn will trigger a memory leak on reload. Defaults to
true .
| securityLoginConfigurationProtection |
Enables protection so that usage of the
javax.security.auth.login.Configuration class by a web
application does not provoke a memory leak. The first access of this
class will trigger the initializer that will retain a static reference
to the context class loader. The protection loads the class with the
system class loader to ensure that the static initializer is not
triggered by a web application. Defaults to true .
| securityPolicyProtection |
Enables protection so that usage of the deprecated
javax.security.auth.Policy class by a web application does not
result in a memory leak. The first access of this class will trigger the
static initializer that will retain a static reference to the context
class loader. The protection calls the getPolicy() method
of this class to ensure that the static initializer is not triggered by
a web application. Defaults to true .
| tokenPollerProtection |
Enables protection so that any token poller thread initialized by
sun.security.pkcs11.SunPKCS11.initToken() does not
result in a memory leak. The thread is started depending on various
conditions as part of the initialization of the Java Cryptography
Architecture. Without the protection this can happen during Webapp
deployment when the MessageDigest for generating session IDs is
initialized. As a result the thread has the Webapp class loader as its
thread context class loader. Enabling the protection initializes JCA
early during Tomcat startup. Defaults to true .
| urlCacheProtection |
Enables protection so that reading resources from JAR files using
java.net.URLConnection s does not result in the JAR file
being locked. Note that enabling this protection disables caching by
default for all resources obtained via
java.net.URLConnection s. Caching may be re-enabled on a
case by case basis as required. Defaults to true .
| xmlParsingProtection |
Enables protection so that parsing XML files within a web application
does not result in a memory leak. Note that memory profilers may not
display the GC root associated with this leak making it particularly
hard to diagnose. Defaults to true .
|
|
Security Lifecycle Listener - org.apache.catalina.security.SecurityListener |
The Security Lifecycle Listener performs a number of
security checks when Tomcat starts and prevents Tomcat from starting if they
fail. The listener is not enabled by default. To enabled it uncomment the
listener in $CATALINA_BASE/conf/server.xml. If the operating system supports
umask then the line in $CATALINA_HOME/bin/catalina.sh that obtains the umask
also needs to be uncommented.
This listener must only be nested within Server
elements.
The following additional attributes are supported by the Security
Lifecycle Listener:
Attribute | Description |
---|
checkedOsUsers |
A comma separated list of OS users that must not be used to start
Tomcat. If not specified, the default value of root is used. To
disable this check, set the attribute to the empty string. Usernames
are checked in a case-insensitive manner.
| minimumUmask |
The least rectrictive umask that must be configured before Tomcat
will start. If not specified, the default value of 0007 is used.
To disable this check, set the attribute to the empty string. The check
is not performed on Windows platforms.
|
|
UserConfig - org.apache.catalina.startup.UserConfig |
The UserConfig provides feature of User Web Applications.
User Web Applications map a request URI starting with a tilde character ("~")
and a username to a directory (commonly named public_html) in that user's
home directory on the server.
See the User Web Applications
special feature on the Host element for more information.
The following additional attributes are supported by the
UserConfig:
Attribute | Description |
---|
directoryName |
The directory name to be searched for within each user home directory.
The default is public_html .
| userClass |
The class name of the user database class.
There are currently two user database, the
org.apache.catalina.startup.PasswdUserDatabase is used on a
Unix system that uses the /etc/passwd file to identify valid users.
The org.apache.catalina.startup.HomesUserDatabase is used on
a server where /etc/passwd is not in use. HomesUserDatabase deploy all
directories found in a specified base directory.
| homeBase |
The base directory containing user home directories.This is effective
only when org.apache.catalina.startup.HomesUserDatabase is
used.
| allow |
A regular expression defining user who deployment is allowed. If this
attribute is specified, the user to deploy must match for this pattern.
If this attribute is not specified, all users will be deployed unless the
user matches a deny pattern.
| deny |
A regular expression defining user who deployment is denied. If this
attribute is specified, the user to deploy must not match for this
pattern. If this attribute is not specified, deployment of user will be
governed by a allow attribute.
|
|
|
|