https://bz.apache.org/bugzilla/show_bug.cgi?id=65714
--- Comment #18 from Mark Thomas <ma...@apache.org> --- I now have a clearer picture of what is going on. The fix for bug 65454 included an unintended change. The pre-starting of the core thread pool was removed. I'll restore that shortly. It also made a bug that was already present more obvious. When running under a security manager, the NIO2 acceptor uses an InnocuousThread to execute the completion handler for the acceptor. By design, the access control context associated with InnocuousThread instances is empty. When the accepted connection is passed to the executor, if a worker thread needs to be created, that thread inherits the access control context of the calling thread. When the calling thread is an InnocuousThread that access control context is empty so the work thread does not have the permissions it needs. That leads to security exceptions and failed requests. If the core threads are pre-started they have the correct permissions and depending on timing new threads that are started will either be started from those threads and have the correct permissions or from the Acceptor and have the wrong permissions. The next step is to see if I can find a way to avoid this issue. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
