[jira] [Created] (TOMEE-4528) Getting Warning logs for Java 21 with TomEE 10.1.1

Wed, 10 Sep 2025 00:02:08 -0700 

Yugandher reddy vonteddu created TOMEE-4528:
-----------------------------------------------

             Summary: Getting Warning logs for Java 21 with TomEE 10.1.1
                 Key: TOMEE-4528
                 URL: https://issues.apache.org/jira/browse/TOMEE-4528
             Project: TomEE
          Issue Type: Bug
    Affects Versions: 10.1.1
            Reporter: Yugandher reddy vonteddu


{code:java}
WARNING: Skipping JACC authorization check for method 'create' on type 
'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at 
the moment. Sep 10, 2025 11:31:43 AM 
org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized 
WARNING: Skipping JACC authorization check for method 'invoke' on type 
'LocalBean' as TomEE running on JDK 21+ does not support method security at the 
moment. Sep 10, 2025 11:31:46 AM 
org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized 
WARNING: Skipping JACC authorization check for method 'create' on type 
'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at 
the moment. Sep 10, 2025 11:31:46 AM 
org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized 
WARNING: Skipping JACC authorization check for method 'invoke' on type 
'LocalBean' as TomEE running on JDK 21+ does not support method security at the 
moment.{code}
We are getting above warnings with Java 21 with TomEE 10.1.1 which are coming 
from openejb-core-10.1.1.jar.

there are being printed for each call and health check.

We also tried adding below to logging.properties but still same warnings 
{code:java}
org.apache.openejb.core.security.AbstractSecurityService.level = OFF
            OR
org.apache.openejb.core.security.AbstractSecurityService.level = SEVERE
            OR
org.apache.openejb.util.resources.level = SEVERE
OpenEJB.security  = SEVERE{code}
 

[~jungm]  It will be helpful if we have any system level flag to suppress this 
warning.

 

 

code from Openejb-core.jar
{code:java}
public boolean isCallerAuthorized(Method method, InterfaceType type) {
if (System.getProperty("java.vm.specification.version").compareTo("21") < 0) {
ThreadContext threadContext = ThreadContext.getThreadContext();
BeanContext beanContext = threadContext.getBeanContext();

try {
String ejbName = beanContext.getEjbName();
String name = type == null ? null : type.getSpecName();
if ("LocalBean".equals(name) || "LocalBeanHome".equals(name)) {
name = null;
}

Identity currentIdentity = (Identity)clientIdentity.get();
SecurityContext securityContext;
if (currentIdentity == null) {
securityContext = (SecurityContext)threadContext.get(SecurityContext.class);
} else {
securityContext = new SecurityContext(currentIdentity.getSubject());
}

securityContext.getAccessControlContext().checkPermission(new 
EJBMethodPermission(ejbName, name, method));
} catch (AccessControlException var9) {
return false;
}
} else {
String var10001 = method == null ? "null" : method.getName();
LOGGER.warning("Skipping JACC authorization check for method '" + var10001 + "' 
on type '" + (type == null ? "null" : type.getSpecName()) + "' as TomEE running 
on JDK 21+ does not support method security at the moment.");
}{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to