https://bz.apache.org/bugzilla/show_bug.cgi?id=61568
Bug ID: 61568
Summary: [Security Manager] InnocuousThread raises
SecurityException for some HTTP requests
Product: Tomcat 8
Version: 8.5.20
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ----
I am running two webapps with two servlets on my server with security manager
enabled. When manually testing the servlets, they respond just fine to HTTP
post and get requests. When stress testing (e.g. multiple simultaneous
requests) some requests fail (<1%) and raise the exception pasted below. When
adding the permission java.security.AllPermission to the webapps, the exception
still occurs. Therefore, I assume, this is a bug directly related to the
security manager.
Without the security manager enabled, all requests are handled fine, even when
stress testing.
Exception:
Exception in thread "anInnocuousThread" java.lang.SecurityException:
setContextClassLoader
at sun.misc.InnocuousThread.setContextClassLoader(InnocuousThread.java:64)
at
org.apache.tomcat.util.security.PrivilegedSetTccl.run(PrivilegedSetTccl.java:31)
at
org.apache.tomcat.util.security.PrivilegedSetTccl.run(PrivilegedSetTccl.java:21)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.tomcat.util.threads.TaskThreadFactory.newThread(TaskThreadFactory.java:66)
at
java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:610)
at
java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:924)
at
java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1371)
at
org.apache.tomcat.util.threads.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:167)
at
org.apache.tomcat.util.threads.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:145)
at
sun.nio.ch.AsynchronousChannelGroupImpl.executeOnPooledThread(AsynchronousChannelGroupImpl.java:188)
at sun.nio.ch.Invoker.invokeIndirectly(Invoker.java:212)
at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.finishRead(UnixAsynchronousSocketChannelImpl.java:432)
at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.finish(UnixAsynchronousSocketChannelImpl.java:191)
at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.onEvent(UnixAsynchronousSocketChannelImpl.java:213)
at sun.nio.ch.EPollPort$EventHandlerTask.run(EPollPort.java:293)
at java.lang.Thread.run(Thread.java:745)
at sun.misc.InnocuousThread.run(InnocuousThread.java:74)
Environment:
# uname -a
Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u1 (2017-06-18) x86_64
GNU/Linux
# java -version
java version "1.7.0_131"
OpenJDK Runtime Environment (IcedTea 2.6.9) (7u131-2.6.9-2~deb8u1)
OpenJDK 64-Bit Server VM (build 24.131-b00, mixed mode)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
