https://bz.apache.org/bugzilla/show_bug.cgi?id=65553
Mark Thomas <ma...@apache.org> changed: What |Removed |Added ---------------------------------------------------------------------------- OS| |All --- Comment #1 from Mark Thomas <ma...@apache.org> --- One view is that the JRE should not be doing this - or at least doing it in a way that doesn't run the risk of memory leaks in a Java EE / Jakarta EE environment. We have raised JRE bugs for issues like this in the past and they have been fixed. The counter view is that this thread is not a one-off and is not short-lived (the typical cases for JRE bugs that have been fixed) and Tomcat has already acknowledged - with the useContextClassLoader flag - that it needs to be taking action to ensure that any threads are created with the expected class loader. If the consensus is that Tomcat needs to handle this then we'd need to ensure that every version of authenticate() also set the class loader if required. We'd probably want to refactor the existing handling to make sure we don't try setting the class loader twice. I am currently leaning towards handling this in Tomcat rather than raising a JRE bug. Thoughts? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org