Project

General

Profile

Bug #60503

tomcat startup hangs on or slow during loading res web application

Added by Alexey Bobyr over 3 years ago.

Status:
WONTFIX
Priority:
Normal
Assignee:
Alexey Bobyr
Category:
Scalix Tomcat
Target version:
Start date:
06/16/2016
Due date:
% Done:

0%

Estimated time:
Operation System:
--

Description

catalina.out

Jun 16, 2016 3:28:32 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor /var/opt/scalix/tt/tomcat/conf/Catalina/localhost/res.xml
Jun 16, 2016 3:28:33 AM org.apache.catalina.startup.TldConfig execute
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Jun 16, 2016 3:28:56 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [23,762] milliseconds.

Tomcat 7 issue . from https://wiki.apache.org/tomcat/HowTo/FasterStartUp


Entropy Source

Tomcat 7+ heavily relies on SecureRandom class to provide random values for its session ids and in other places. Depending on your JRE it can cause delays during startup if entropy source that is used to initialize SecureRandom is short of entropy. You will see warning in the logs when this happens, e.g.:

<DATE> org.apache.catalina.util.SessionIdGenerator createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [5172] milliseconds.
There is a way to configure JRE to use a non-blocking entropy source by setting the following system property: -Djava.security.egd=file:/dev/./urandom

Note the "/./" characters in the value. They are needed to work around known Oracle JRE bug #6202721. See also JDK Enhancement Proposal 123. It is known that implementation of SecureRandom was improved in Java 8 onwards.

Also note that replacing the blocking entropy source (/dev/random) with a non-blocking one actually reduces security because you are getting less-random data. If you have a problem generating entropy on your server (which is common), consider looking into entropy-generating hardware products such as "EntropyKey".

User must follow description from official site and make changes dependents on his environment and jre that he is using

Also available in: Atom PDF