[ https://issues.apache.org/jira/browse/TOMEE-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18019506#comment-18019506 ]
Yugandher reddy vonteddu commented on TOMEE-4528: ------------------------------------------------- Thanks [~jungm] OpenEJB.security.level resolved the issue > Getting Warning logs for Java 21 with TomEE 10.1.1 > -------------------------------------------------- > > Key: TOMEE-4528 > URL: https://issues.apache.org/jira/browse/TOMEE-4528 > Project: TomEE > Issue Type: Bug > Affects Versions: 10.1.1 > Reporter: Yugandher reddy vonteddu > Priority: Blocker > > {code:java} > INFO: Server startup in [272986] milliseconds > Sep 10, 2025 12:29:00 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'create' on type > 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security > at the moment. > Sep 10, 2025 12:29:00 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'invoke' on type > 'LocalBean' as TomEE running on JDK 21+ does not support method security at > the moment. > Sep 10, 2025 12:29:10 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'create' on type > 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security > at the moment. > Sep 10, 2025 12:29:10 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'invoke' on type > 'LocalBean' as TomEE running on JDK 21+ does not support method security at > the moment. > Sep 10, 2025 12:29:20 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'create' on type > 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security > at the moment. > Sep 10, 2025 12:29:20 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'invoke' on type > 'LocalBean' as TomEE running on JDK 21+ does not support method security at > the moment. > Sep 10, 2025 12:29:30 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'create' on type > 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security > at the moment. > Sep 10, 2025 12:29:30 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'invoke' on type > 'LocalBean' as TomEE running on JDK 21+ does not support method security at > the moment. > Sep 10, 2025 12:29:40 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'create' on type > 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security > at the moment. > Sep 10, 2025 12:29:40 PM > org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized > WARNING: Skipping JACC authorization check for method 'invoke' on type > 'LocalBean' as TomEE running on JDK 21+ does not support method security at > the moment.{code} > We are getting above warnings with Java 21 with TomEE 10.1.1 which are coming > from openejb-core-10.1.1.jar. > there are being printed for each call and health check. > We also tried adding below to logging.properties but still same warnings > {code:java} > org.apache.openejb.core.security.AbstractSecurityService.level = OFF > OR > org.apache.openejb.core.security.AbstractSecurityService.level = SEVERE > OR > org.apache.openejb.util.resources.level = SEVERE > OpenEJB.security = SEVERE{code} > > [~jungm] It will be helpful if we have any system level flag to suppress > this warning. > > > code from Openejb-core.jar > {code:java} > public boolean isCallerAuthorized(Method method, InterfaceType type) { > if (System.getProperty("java.vm.specification.version").compareTo("21") < 0) { > ThreadContext threadContext = ThreadContext.getThreadContext(); > BeanContext beanContext = threadContext.getBeanContext(); > try { > String ejbName = beanContext.getEjbName(); > String name = type == null ? null : type.getSpecName(); > if ("LocalBean".equals(name) || "LocalBeanHome".equals(name)) { > name = null; > } > Identity currentIdentity = (Identity)clientIdentity.get(); > SecurityContext securityContext; > if (currentIdentity == null) { > securityContext = (SecurityContext)threadContext.get(SecurityContext.class); > } else { > securityContext = new SecurityContext(currentIdentity.getSubject()); > } > securityContext.getAccessControlContext().checkPermission(new > EJBMethodPermission(ejbName, name, method)); > } catch (AccessControlException var9) { > return false; > } > } else { > String var10001 = method == null ? "null" : method.getName(); > LOGGER.warning("Skipping JACC authorization check for method '" + var10001 + > "' on type '" + (type == null ? "null" : type.getSpecName()) + "' as TomEE > running on JDK 21+ does not support method security at the moment."); > }{code} -- This message was sent by Atlassian Jira (v8.20.10#820010)