Jim Ma created CXF-8935:
---------------------------
Summary: Add doPrivileged block to httpclient.sendAsync() in
HttpClientHTTPConduit
Key: CXF-8935
URL: https://issues.apache.org/jira/browse/CXF-8935
Project: CXF
Issue Type: Task
Components: Core
Affects Versions: 4.0.3
Reporter: Jim Ma
Assignee: Jim Ma
Fix For: 4.0.4
There is security permission failure when the security manager is enabled:
{code:java}
Caused by: java.io.IOException: java.security.AccessControlException:
Permission check failed (permission "("java.net.URLPermission"
"http://127.0.0.1:8080/wsse-policy-trust-sts/SecurityTokenService";
"POST:Accept,Content-Type,SOAPAction,User-Agent")"
at
org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:590)
at
org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponseCode(HttpClientHTTPConduit.java:601)
at
org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1653)
at
org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1684)
at
org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1626)
at
org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1420)
at
org.apache.cxf@4.0.3//org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at
org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:717)
at
org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit.close(HttpClientHTTPConduit.java:112)
at
org.apache.cxf@4.0.3//org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
... 113 more
Caused by: java.security.AccessControlException: Permission check failed
(permission "("java.net.URLPermission"
"http://127.0.0.1:8080/wsse-policy-trust-sts/SecurityTokenService";
"POST:Accept,Content-Type,SOAPAction,User-Agent")"
at
java.net.http/jdk.internal.net.http.Exchange.checkPermissions(Exchange.java:597)
at
java.net.http/jdk.internal.net.http.Exchange.responseAsyncImpl(Exchange.java:339)
at
java.net.http/jdk.internal.net.http.Exchange.responseAsync(Exchange.java:335)
at
java.net.http/jdk.internal.net.http.MultiExchange.responseAsyncImpl(MultiExchange.java:347)
at
java.net.http/jdk.internal.net.http.MultiExchange.lambda$responseAsync0$2(MultiExchange.java:293)
at
java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1072)
at
java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506)
at
java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1705)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
at
java.base/jdk.internal.misc.InnocuousThread.run(InnocuousThread.java:134){code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
