Hi Wolfgang, Indeed, the Security Manager has been deprecated in Java 17 and will be removed. With it, the Policy will also disappear in the very near future. >From Java 24 on, the set Policy now throws UnsupportedOperationException, because no Security manager, no need to install a system wide policy.
The Security Manager has also been removed from Jakarta new releases and it will require some more or less deep work to remove its support in TomEE -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Fri, Apr 4, 2025 at 10:28 AM Wolfgang Knauf <wolfgang.kn...@gmx.de.invalid> wrote: > Hi all, > > (sorry if this is a duplicate one, I already sent it a few days ago, but > as it did not appear, I think it might be related to the fact that I did > not subscribe to the list) > > TomEE 10.0.1 fails to launch with Java 24: > > 01-Apr-2025 13:10:36.888 SCHWERWIEGEND [main] > org.apache.openejb.util.OpenEJBErrorHandler.handleUnknownError FATAL ERROR: > Unknown error in Assembler. Please send the following stack trace and this > message to users@tomee.apache.org : > org.apache.xbean.recipe.ConstructionException: Error invoking constructor: > public org.apache.tomee.catalina.TomcatSecurityService() > at > org.apache.xbean.recipe.ReflectionUtil$ConstructorFactory.create(ReflectionUtil.java:981) > at > org.apache.xbean.recipe.ObjectRecipe.internalCreate(ObjectRecipe.java:279) > at org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:96) > at org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:61) > at org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:49) > at > org.apache.openejb.assembler.classic.Assembler.createSecurityService(Assembler.java:3553) > at > org.apache.openejb.assembler.classic.Assembler.buildContainerSystem(Assembler.java:579) > at > org.apache.openejb.assembler.classic.Assembler.build(Assembler.java:497) > at org.apache.openejb.OpenEJB$Instance.<init>(OpenEJB.java:150) > at org.apache.openejb.OpenEJB.init(OpenEJB.java:307) > at > org.apache.tomee.catalina.TomcatLoader.initialize(TomcatLoader.java:244) > at > org.apache.tomee.catalina.ServerListener.lifecycleEvent(ServerListener.java:161) > at > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:109) > at > org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:389) > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:123) > at org.apache.catalina.startup.Catalina.load(Catalina.java:712) > at org.apache.catalina.startup.Catalina.load(Catalina.java:735) > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104) > at java.base/java.lang.reflect.Method.invoke(Method.java:565) > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472) > Caused by: java.lang.IllegalStateException: Could not install JACC Policy > Provider: org.apache.openejb.core.security.JaccProvider$Policy > at > org.apache.openejb.core.security.AbstractSecurityService.installPolicy(AbstractSecurityService.java:443) > at > org.apache.openejb.core.security.AbstractSecurityService.installJacc(AbstractSecurityService.java:431) > at > org.apache.openejb.core.security.AbstractSecurityService.<init>(AbstractSecurityService.java:94) > at > org.apache.openejb.core.security.AbstractSecurityService.<init>(AbstractSecurityService.java:88) > at > org.apache.tomee.catalina.TomcatSecurityService.<init>(TomcatSecurityService.java:55) > at > java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:62) > at > java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) > at > java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:483) > at > org.apache.xbean.recipe.ReflectionUtil$ConstructorFactory.create(ReflectionUtil.java:971) > ... 20 more > Caused by: java.lang.UnsupportedOperationException: Setting a system-wide > Policy object is not supported > at java.base/java.security.Policy.setPolicy(Policy.java:114) > at > org.apache.openejb.core.security.AbstractSecurityService.installPolicy(AbstractSecurityService.java:441) > ... 28 more > > > > Is there something I should do about this (file a JIRA issue), or is the > Java 24 support already on your roadmap? > > Best regards > > Wolfgang >
