https://issues.apache.org/bugzilla/show_bug.cgi?id=51384
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
--- Comment #1 from Mark Thomas <ma...@apache.org> 2011-06-20 09:54:18 UTC ---
As of Java 1.6 the combination of:
- custom LogManager
- security manager
- http codebase in security policy file
won't work.
The root cause is the following circular dependency:
- The Custom LogManager has to extend the standard LogManager
- standard LogManager starts a Cleaner that calls setContextClassloader
- that triggers a security check
- that triggers the parsing of the policy file
- that triggers a validity check of the http codebase
- that uses HttpUrlConnection
- that tries to create a Logger
- that requires LogManager to be initialised
The standard LogManager avoids this since it is viewed as System code hence all
security checks are bypassed.
I don't see a way around this without changes to java.util.logging.LogManager
and that is outside the control of the Tomcat project.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
