All,

I'm exploring running my application under a SecurityManager (on
Tomcat 8.5.29), and I'm getting an unexpected complaint during Tomcat
shutdown:

Mar 21, 2018 1:26:23 AM org.apache.catalina.core.ApplicationContext log
SEVERE: my.JNDIDataSourceShutdownListener: Cannot close DataSource
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at my.JNDIDataSourceShutdownListener.close(JNDIDataSourceShutdownListener.java:84)
        at my.JNDIDataSourceShutdownListener.contextDestroyed(JNDIDataSourceShutdownListener.java:63)
        at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4800)
        at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5437)
        at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:226)
        at org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java:1437)
        at org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java:1426)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.AccessControlException: access denied ("javax.management.MBeanServerPermission" "createMBeanServer")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.security.AccessController.checkPermission(AccessController.java:884)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.management.ManagementFactory.getPlatformMBeanServer(ManagementFactory.java:465)
        at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.close(BasicDataSource.java:1950)
        ... 15 more


My JNDIDataSourceShutdownListener fetches the JNDI DataSource from the
JNDI tree and reflectively calls "close" on it to free it up.

This seems unexpected because:

1. I would expect that the MBeanServer would still be available even
during application shut-down (before Tomcat itself shuts down).

2. I would expect that BasicDataSource would use a PrivilegedAction if
it needed to create an MBeanServer in this way.

I can obviously just give this permission to the application, but I
think it probably makes more sense to solve this in a different way --
through Tomcat itself.

Any ideas? I'm certainly no expert in SecurityManagers and what Tomcat
is doing under the covers with its DataSources.

-chris
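Point 2 of the message above, as an added example that is not part of the original message and is not Tomcat or DBCP code: with a SecurityManager installed, a permission check inspects every protection domain on the call stack, and `AccessController.doPrivileged` in trusted code stops that walk at the trusted caller. The class name, the allow-all policy and the empty `webapp` domain are constructed for illustration, and a Java 8 runtime is assumed.

```java
import java.lang.management.ManagementFactory;
import java.security.*;
import javax.management.MBeanServer;

// Illustration only (hypothetical class); assumes Java 8, where SecurityManager is supported.
public class PrivilegedMBeanLookup {

    // Same call shape as in the trace: the check walks every frame on the stack.
    static MBeanServer direct() {
        return ManagementFactory.getPlatformMBeanServer();
    }

    // The stack walk stops at this frame, so only this class's domain is consulted.
    static MBeanServer privileged() {
        return AccessController.doPrivileged(
                (PrivilegedAction<MBeanServer>) ManagementFactory::getPlatformMBeanServer);
    }

    public static void main(String[] args) {
        // Constructed policy: every policy-evaluated domain (this class) is fully trusted.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        // Stand-in for the web application: a domain holding no permissions at all.
        AccessControlContext webapp = new AccessControlContext(
                new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });

        // Run both variants with the restricted "webapp" domain on the effective stack.
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            try {
                direct();
                System.out.println("direct: allowed");
            } catch (AccessControlException e) {
                System.out.println("direct: " + e.getMessage());
            }
            System.out.println("privileged: " + (privileged() != null ? "allowed" : "null"));
            return null;
        }, webapp);
    }
}
```

The wrapped call succeeds only because the class containing `doPrivileged` is itself granted the permission, so the same wrapper placed in the web application's own listener would still be denied.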
