Jim Ma created CXF-8935: --------------------------- Summary: Add doPrivileged block to httpclient.sendAsync() in HttpClientHTTPConduit Key: CXF-8935 URL: https://issues.apache.org/jira/browse/CXF-8935 Project: CXF Issue Type: Task Components: Core Affects Versions: 4.0.3 Reporter: Jim Ma Assignee: Jim Ma Fix For: 4.0.4
There is security permission failure when the security manager is enabled: {code:java} Caused by: java.io.IOException: java.security.AccessControlException: Permission check failed (permission "("java.net.URLPermission" "http://127.0.0.1:8080/wsse-policy-trust-sts/SecurityTokenService" "POST:Accept,Content-Type,SOAPAction,User-Agent")" at org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:590) at org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponseCode(HttpClientHTTPConduit.java:601) at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1653) at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1684) at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1626) at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1420) at org.apache.cxf@4.0.3//org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:717) at org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit.close(HttpClientHTTPConduit.java:112) at org.apache.cxf@4.0.3//org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63) ... 113 more Caused by: java.security.AccessControlException: Permission check failed (permission "("java.net.URLPermission" "http://127.0.0.1:8080/wsse-policy-trust-sts/SecurityTokenService" "POST:Accept,Content-Type,SOAPAction,User-Agent")" at java.net.http/jdk.internal.net.http.Exchange.checkPermissions(Exchange.java:597) at java.net.http/jdk.internal.net.http.Exchange.responseAsyncImpl(Exchange.java:339) at java.net.http/jdk.internal.net.http.Exchange.responseAsync(Exchange.java:335) at java.net.http/jdk.internal.net.http.MultiExchange.responseAsyncImpl(MultiExchange.java:347) at java.net.http/jdk.internal.net.http.MultiExchange.lambda$responseAsync0$2(MultiExchange.java:293) at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1072) at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1705) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) at java.base/jdk.internal.misc.InnocuousThread.run(InnocuousThread.java:134){code} -- This message was sent by Atlassian Jira (v8.20.10#820010)