[
https://issues.apache.org/jira/browse/CXF-8935?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko updated CXF-8935:
------------------------------
Fix Version/s: 3.6.3
> Add doPrivileged block to httpclient.sendAsync() in HttpClientHTTPConduit
> -------------------------------------------------------------------------
>
> Key: CXF-8935
> URL: https://issues.apache.org/jira/browse/CXF-8935
> Project: CXF
> Issue Type: Task
> Components: Core
> Affects Versions: 4.0.3
> Reporter: Jim Ma
> Assignee: Jim Ma
> Priority: Major
> Fix For: 3.6.3, 4.0.4
>
>
> There is security permission failure when the security manager is enabled:
> {code:java}
> Caused by: java.io.IOException: java.security.AccessControlException:
> Permission check failed (permission "("java.net.URLPermission"
> "http://127.0.0.1:8080/wsse-policy-trust-sts/SecurityTokenService";
> "POST:Accept,Content-Type,SOAPAction,User-Agent")"
> at
> org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:590)
> at
> org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponseCode(HttpClientHTTPConduit.java:601)
> at
> org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1653)
> at
> org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1684)
> at
> org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1626)
> at
> org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1420)
> at
> org.apache.cxf@4.0.3//org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at
> org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:717)
> at
> org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit.close(HttpClientHTTPConduit.java:112)
> at
> org.apache.cxf@4.0.3//org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
> ... 113 more
> Caused by: java.security.AccessControlException: Permission check failed
> (permission "("java.net.URLPermission"
> "http://127.0.0.1:8080/wsse-policy-trust-sts/SecurityTokenService";
> "POST:Accept,Content-Type,SOAPAction,User-Agent")"
> at
> java.net.http/jdk.internal.net.http.Exchange.checkPermissions(Exchange.java:597)
> at
> java.net.http/jdk.internal.net.http.Exchange.responseAsyncImpl(Exchange.java:339)
> at
> java.net.http/jdk.internal.net.http.Exchange.responseAsync(Exchange.java:335)
> at
> java.net.http/jdk.internal.net.http.MultiExchange.responseAsyncImpl(MultiExchange.java:347)
> at
> java.net.http/jdk.internal.net.http.MultiExchange.lambda$responseAsync0$2(MultiExchange.java:293)
> at
> java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1072)
> at
> java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506)
> at
> java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1705)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:834)
> at
> java.base/jdk.internal.misc.InnocuousThread.run(InnocuousThread.java:134){code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
