https://bz.apache.org/bugzilla/show_bug.cgi?id=65714

--- Comment #5 from Mark Thomas <ma...@apache.org> ---
This looks to be related to the NIO2 completion handlers. Secure connections do
a handshake first so the main request processing is on a completion handler
thread. These don't appear to have any security context associated with them
although I need to dig into this some more.

The non-secure threads start processing on a standard executor thread - hence
why they don't see this issue.

My concern at this point is that we could end up in a position of having to
pre-load a much larger set of classes.

It is worth noting that the SecurityManager is deprecated in newer versions of
Java and that support for running Tomcat under a SecurityManager is likely to
be removed in the (distant) future.
