https://issues.apache.org/bugzilla/show_bug.cgi?id=57091
--- Comment #2 from Niklas Hallqvist <niklas+apa...@appli.se> --- (In reply to Mark Thomas from comment #1) > Does this still work if you narrow the doPrivileged() block to just the > setContextClassLoader() call? If so provide an updated patch and I'll apply > it. If not, why not? Actually I haven't tested that, I may do that toorrow localtime (UTC+2). But... I know for a fact that the AccessController failed other operations before that, inside the Thread constructor, but the exceptions were masked by inner try-clauses. In a normal AccessController setup they wouldn't have failed, which is why I covered the whole thing in the doPrivileged. As the problem is really that the method is called with the wrong AccessController setup established for all of the duraton, I thought it most safe to actually cover all of the code, even if not strictly required at this moment. But as I said, I may do the tests tomorrow. I have a testcase btw, but in order to run it you need to sign the code and trust the ceritifcate in the browser which will run the test. If you want it I can make a package. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org