https://bz.apache.org/bugzilla/show_bug.cgi?id=65714
--- Comment #6 from Remy Maucherat <r...@apache.org> --- (In reply to Mark Thomas from comment #5) > This looks to be related to the NIO2 completion handlers. Secure connections > do a handshake first so the main request processing is on a completion > handler thread. These don't appear to have any security context associated > with them although I need to dig into this some more. > > The non-secure threads start processing on a standard executor thread - > hence why they don't see this issue. > > My concern at this point is that we could end up in a position of having to > pre-load a much larger set of classes. > > It is worth noting that the SecurityManager is deprecated in newer versions > of Java and that support for running Tomcat under a SecurityManager is > likely to be removed in the (distant) future. I couldn't immediately get it working as well. Instead, we could document that the security manager is not supported with NIO2, for now at least. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
