[
https://issues.apache.org/jira/browse/TOMEE-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yugandher reddy vonteddu updated TOMEE-4528:
--------------------------------------------
Description:
{code:java}
INFO: Server startup in [272986] milliseconds
Sep 10, 2025 12:29:00 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'create' on type 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at the moment.
Sep 10, 2025 12:29:00 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'invoke' on type 'LocalBean' as TomEE running on JDK 21+ does not support method security at the moment.
Sep 10, 2025 12:29:10 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'create' on type 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at the moment.
Sep 10, 2025 12:29:10 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'invoke' on type 'LocalBean' as TomEE running on JDK 21+ does not support method security at the moment.
Sep 10, 2025 12:29:20 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'create' on type 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at the moment.
Sep 10, 2025 12:29:20 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'invoke' on type 'LocalBean' as TomEE running on JDK 21+ does not support method security at the moment.
Sep 10, 2025 12:29:30 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'create' on type 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at the moment.
Sep 10, 2025 12:29:30 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'invoke' on type 'LocalBean' as TomEE running on JDK 21+ does not support method security at the moment.
Sep 10, 2025 12:29:40 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'create' on type 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at the moment.
Sep 10, 2025 12:29:40 PM org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'invoke' on type 'LocalBean' as TomEE running on JDK 21+ does not support method security at the moment.{code}
We are getting the above warnings with Java 21 with TomEE 10.1.1, which are coming
from openejb-core-10.1.1.jar.
These are being printed for each call and health check.
We also tried adding the below to logging.properties, but we still get the same warnings:
{code:java}
org.apache.openejb.core.security.AbstractSecurityService.level = OFF
OR
org.apache.openejb.core.security.AbstractSecurityService.level = SEVERE
OR
org.apache.openejb.util.resources.level = SEVERE
OpenEJB.security = SEVERE{code}
[~jungm] It will be helpful if we have any system level flag to suppress this
warning.
Code from openejb-core.jar:
{code:java}
public boolean isCallerAuthorized(Method method, InterfaceType type) {
    // The JVM specification version is compared as a String (lexicographic order).
    if (System.getProperty("java.vm.specification.version").compareTo("21") < 0) {
        // Below JDK 21: run the JACC permission check for the caller.
        ThreadContext threadContext = ThreadContext.getThreadContext();
        BeanContext beanContext = threadContext.getBeanContext();
        try {
            String ejbName = beanContext.getEjbName();
            String name = type == null ? null : type.getSpecName();
            if ("LocalBean".equals(name) || "LocalBeanHome".equals(name)) {
                name = null;
            }
            Identity currentIdentity = (Identity)clientIdentity.get();
            SecurityContext securityContext;
            if (currentIdentity == null) {
                securityContext = (SecurityContext)threadContext.get(SecurityContext.class);
            } else {
                securityContext = new SecurityContext(currentIdentity.getSubject());
            }
            securityContext.getAccessControlContext().checkPermission(new EJBMethodPermission(ejbName, name, method));
        } catch (AccessControlException var9) {
            return false;
        }
    } else {
        // JDK 21+: the permission check is skipped and a WARNING is logged on every call.
        String var10001 = method == null ? "null" : method.getName();
        LOGGER.warning("Skipping JACC authorization check for method '" + var10001 + "' on type '" + (type == null ? "null" : type.getSpecName()) + "' as TomEE running on JDK 21+ does not support method security at the moment.");
    }{code}
was:
{code:java}
WARNING: Skipping JACC authorization check for method 'create' on type
'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at
the moment. Sep 10, 2025 11:31:43 AM
org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'invoke' on type
'LocalBean' as TomEE running on JDK 21+ does not support method security at the
moment. Sep 10, 2025 11:31:46 AM
org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'create' on type
'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at
the moment. Sep 10, 2025 11:31:46 AM
org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'invoke' on type
'LocalBean' as TomEE running on JDK 21+ does not support method security at the
moment.{code}
> Getting Warning logs for Java 21 with TomEE 10.1.1
> --------------------------------------------------
>
> Key: TOMEE-4528
> URL: https://issues.apache.org/jira/browse/TOMEE-4528
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 10.1.1
> Reporter: Yugandher reddy vonteddu
> Priority: Major
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
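
An added example, not part of the Jira report or of TomEE's code: each of these warnings records a call for which the JACC check was skipped, so the repeated lines can be collapsed into one finding per method and type instead of being read line by line. The function name `skipped_jacc_checks` is made up for this example, and the sample is the report's own log layout shortened to three records.

```python
import re

# Log excerpt in the wrapped two-line java.util.logging layout from the report,
# shortened to three records for this example.
SAMPLE_LOG = """\
Sep 10, 2025 12:29:00 PM
org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'create' on type
'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at
the moment.
Sep 10, 2025 12:29:00 PM
org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'invoke' on type
'LocalBean' as TomEE running on JDK 21+ does not support method security at the
moment.
Sep 10, 2025 12:29:10 PM
org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
WARNING: Skipping JACC authorization check for method 'create' on type
'LocalBeanHome' as TomEE running on JDK 21+ does not support method security at
the moment.
"""

TIMESTAMP = r"(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
SKIPPED = (r"Skipping JACC authorization check for method '(?P<method>[^']*)'"
           r" on type '(?P<type>[^']*)'")
TOKEN = re.compile(TIMESTAMP + "|" + SKIPPED)

def skipped_jacc_checks(log_text):
    """Collapse repeated 'Skipping JACC' warnings into one entry per (method, type)."""
    flat = " ".join(log_text.split())  # undo line wrapping inside a record
    findings, last_ts = {}, None
    for match in TOKEN.finditer(flat):
        if match.group("ts"):
            last_ts = match.group("ts")  # header of the record that follows
            continue
        key = (match.group("method"), match.group("type"))
        entry = findings.setdefault(key, {"count": 0, "first_seen": last_ts})
        entry["count"] += 1
        entry["last_seen"] = last_ts
    return findings

if __name__ == "__main__":
    for (method, bean_type), info in skipped_jacc_checks(SAMPLE_LOG).items():
        print(f"{info['count']}x JACC check skipped: method={method} type={bean_type} "
              f"first={info['first_seen']} last={info['last_seen']}")
```

Because the text is flattened before matching, the same function also handles excerpts where the timestamp is fused onto the end of the previous message.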