[jira] [Updated] (TOMEE-4528) Getting Warning logs for Java 21 with TomEE 10.1.1

Mon, 27 Oct 2025 01:15:04 -0700 


     [ 
https://issues.apache.org/jira/browse/TOMEE-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Markus Jung updated TOMEE-4528:
-------------------------------
    Priority: Minor  (was: Blocker)

> Getting Warning logs for Java 21 with TomEE 10.1.1
> --------------------------------------------------
>
>                 Key: TOMEE-4528
>                 URL: https://issues.apache.org/jira/browse/TOMEE-4528
>             Project: TomEE
>          Issue Type: Improvement
>    Affects Versions: 10.1.1, 10.1.2
>            Reporter: Yugandher reddy vonteddu
>            Assignee: Erik Pearson
>            Priority: Minor
>             Fix For: 10.1.3
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> {code:java}
> INFO: Server startup in [272986] milliseconds
> Sep 10, 2025 12:29:00 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'create' on type 
> 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security 
> at the moment.
> Sep 10, 2025 12:29:00 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'invoke' on type 
> 'LocalBean' as TomEE running on JDK 21+ does not support method security at 
> the moment.
> Sep 10, 2025 12:29:10 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'create' on type 
> 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security 
> at the moment.
> Sep 10, 2025 12:29:10 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'invoke' on type 
> 'LocalBean' as TomEE running on JDK 21+ does not support method security at 
> the moment.
> Sep 10, 2025 12:29:20 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'create' on type 
> 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security 
> at the moment.
> Sep 10, 2025 12:29:20 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'invoke' on type 
> 'LocalBean' as TomEE running on JDK 21+ does not support method security at 
> the moment.
> Sep 10, 2025 12:29:30 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'create' on type 
> 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security 
> at the moment.
> Sep 10, 2025 12:29:30 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'invoke' on type 
> 'LocalBean' as TomEE running on JDK 21+ does not support method security at 
> the moment.
> Sep 10, 2025 12:29:40 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'create' on type 
> 'LocalBeanHome' as TomEE running on JDK 21+ does not support method security 
> at the moment.
> Sep 10, 2025 12:29:40 PM 
> org.apache.openejb.core.security.AbstractSecurityService isCallerAuthorized
> WARNING: Skipping JACC authorization check for method 'invoke' on type 
> 'LocalBean' as TomEE running on JDK 21+ does not support method security at 
> the moment.{code}
> We are getting above warnings with Java 21 with TomEE 10.1.1 which are coming 
> from openejb-core-10.1.1.jar.
> there are being printed for each call and health check.
> We also tried adding below to logging.properties but still same warnings 
> {code:java}
> org.apache.openejb.core.security.AbstractSecurityService.level = OFF
>             OR
> org.apache.openejb.core.security.AbstractSecurityService.level = SEVERE
>             OR
> org.apache.openejb.util.resources.level = SEVERE
> OpenEJB.security  = SEVERE{code}
>  
> [~jungm]  It will be helpful if we have any system level flag to suppress 
> this warning.
>  
>  
> code from Openejb-core.jar
> {code:java}
> public boolean isCallerAuthorized(Method method, InterfaceType type) {
> if (System.getProperty("java.vm.specification.version").compareTo("21") < 0) {
> ThreadContext threadContext = ThreadContext.getThreadContext();
> BeanContext beanContext = threadContext.getBeanContext();
> try {
> String ejbName = beanContext.getEjbName();
> String name = type == null ? null : type.getSpecName();
> if ("LocalBean".equals(name) || "LocalBeanHome".equals(name)) {
> name = null;
> }
> Identity currentIdentity = (Identity)clientIdentity.get();
> SecurityContext securityContext;
> if (currentIdentity == null) {
> securityContext = (SecurityContext)threadContext.get(SecurityContext.class);
> } else {
> securityContext = new SecurityContext(currentIdentity.getSubject());
> }
> securityContext.getAccessControlContext().checkPermission(new 
> EJBMethodPermission(ejbName, name, method));
> } catch (AccessControlException var9) {
> return false;
> }
> } else {
> String var10001 = method == null ? "null" : method.getName();
> LOGGER.warning("Skipping JACC authorization check for method '" + var10001 + 
> "' on type '" + (type == null ? "null" : type.getSpecName()) + "' as TomEE 
> running on JDK 21+ does not support method security at the moment.");
> }{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to