https://issues.apache.org/bugzilla/show_bug.cgi?id=51384
Mark Thomas <ma...@apache.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #1 from Mark Thomas <ma...@apache.org> 2011-06-20 09:54:18 UTC --- As of Java 1.6 the combination of: - custom LogManager - security manager - http codebase in security policy file won't work. The root cause is the following circular dependency: - The Custom LogManager has to extend the standard LogManager - standard LogManager starts a Cleaner that calls setContextClassloader - that triggers a security check - that triggers the parsing of the policy file - that triggers a validity check of the http codebase - that uses HttpUrlConnection - that tries to create a Logger - that requires LogManager to be initialised The standard LogManager avoids this since it is viewed as System code hence all security checks are bypassed. I don't see a way around this without changes to java.util.logging.LogManager and that is outside the control of the Tomcat project. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org