-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
I'm exploring running my application under a SecurityManager (on Tomcat 8.5.29), and I'm getting an unexpected complaint during Tomcat shutdown: Mar 21, 2018 1:26:23 AM org.apache.catalina.core.ApplicationContext log SEVERE: my.JNDIDataSourceShutdownListener: Cannot close DataSource java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at my.JNDIDataSourceShutdownListener.close(JNDIDataSourceShutdownListener.j ava:84) at my.JNDIDataSourceShutdownListener.contextDestroyed(JNDIDataSourceShutdow nListener.java:63) at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.ja va:4800) at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.ja va:5437) at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:226) at org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java :1437) at org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java :1426) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.jav a:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja va:617) at java.lang.Thread.run(Thread.java:748) Caused by: java.security.AccessControlException: access denied ("javax.management.MBeanServerPermission" "createMBeanServer") at java.security.AccessControlContext.checkPermission(AccessControlContext. java:472) at java.security.AccessController.checkPermission(AccessController.java:884 ) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.management.ManagementFactory.getPlatformMBeanServer(Management Factory.java:465) at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.close(BasicDataSource.java: 1950) ... 15 more My JNDIDataSourceShutdownListener fetches the JNDI DataSource from the JNDI tree and reflectively calls "close" on it to free it up. This seems unexpected because: 1. I would expect that the MBeanServer would still be available even during application shut-down (before Tomcat itself shuts down). 2. I would expect that BasicDataSource would use a PrivilegedAction if it needed to create an MBeanServer in this way. I can obviously just give this permission to the application, but I think it probably makes more sense to solve this in a different way -- through Tomcat itself. Any ideas? I'm certainly no expert in SecurityManagers and what Tomcat is doing under the covers with its DataSources. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqx7oQACgkQHPApP6U8 pFgtnhAAgZG3nmLVDNwBIZk4IB3eaI+O58jDCcsgaHAMgri6rHvodUISo9fBI6iD fwgvB3KjZ4kNqEzQP5img5/wAZ+WJB+yg93E0s8of39g88RlI5CxLjghpjMd2m+U WbdHsW1h+qBZaqfAHbtAZmPsz6XnG5Kmo7HAMI5qpTW9jxvoS4Ds+uqSsj7/XgeW GBVPZU9+6XezbxGZXw9yIjsI2Zv1zvok+Z5bmdMzc1u8kMaAQFCvBmAHrN1V+m3l mReP/Hf5DGYJKn03mpaUO4d6q3RqLA+EkzE38RtHDASqBwkxrWbzArxo0+YpjfwQ 2gcP69efTzQrcmqkoJBrFfWmNG2NH56NhZMD0xAM2ikGhmAtjE1VA61+Sn1A7YJL FTjWUxutbRmNUQbmkd6ee0c8rnGGLSa5Sv78c9GMWbvz+x9epRxp7fy7NfIqiaQe cFgxVh85RoaLair2cc5v6zdBZfOnQutFHggcko18DW6NN3fYhRrk8WcAfm1B6lcX p/Pb+zY9ni7MUswdXgeZByo8Sbc6UmE72RRRWxqu8XFhtqjBBCuuAOJQtPv3f+lE A3PzN52J8MWLwsPPmLQoONcu7oPTMFn9SwckrNwJgHvqHf5lCjaMhxaX6bZ5cW00 BCs9JYWDH2Z63XMtwAR2xx/CVU3aY7ZR1UpFQvV5MN8LgsNaiRo= =qoda -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org