On 21/03/18 05:32, Christopher Schultz wrote:
> All,
>
> I'm exploring running my application under a SecurityManager
That's brave.
> (on
> Tomcat 8.5.29), and I'm getting an unexpected complaint during Tomcat
> shutdown:
>
> Mar 21, 2018 1:26:23 AM org.apache.catalina.core.ApplicationContext log
> SEVERE: my.JNDIDataSourceShutdownListener: Cannot close DataSource
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
> a:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
> Impl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> my.JNDIDataSourceShutdownListener.close(JNDIDataSourceShutdownListener.j
> ava:84)
> at
> my.JNDIDataSourceShutdownListener.contextDestroyed(JNDIDataSourceShutdow
> nListener.java:63)
> at
> org.apache.catalina.core.StandardContext.listenerStop(StandardContext.ja
> va:4800)
> at
> org.apache.catalina.core.StandardContext.stopInternal(StandardContext.ja
> va:5437)
> at
> org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:226)
> at
> org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java
> :1437)
> at
> org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java
> :1426)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.jav
> a:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
> va:617)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.security.AccessControlException: access denied
> ("javax.management.MBeanServerPermission" "createMBeanServer")
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.
> java:472)
> at
> java.security.AccessController.checkPermission(AccessController.java:884
> )
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at
> java.lang.management.ManagementFactory.getPlatformMBeanServer(Management
> Factory.java:465)
> at
> org.apache.tomcat.dbcp.dbcp2.BasicDataSource.close(BasicDataSource.java:
> 1950)
> ... 15 more
>
>
> My JNDIDataSourceShutdownListener fetches the JNDI DataSource from the
> JNDI tree and reflectively calls "close" on it to free it up.
>
> This seems unexpected because:
>
> 1. I would expect that the MBeanServer would still be available even
> during application shut-down (before Tomcat itself shuts down).
>
> 2. I would expect that BasicDataSource would use a PrivilegedAction if
> it needed to create an MBeanServer in this way.
>
> I can obviously just give this permission to the application, but I
> think it probably makes more sense to solve this in a different way --
> through Tomcat itself.
Looks like the fix would need to be in DBCP2 since that is the source of
that code.
> Any ideas? I'm certainly no expert in SecurityManagers and what Tomcat
> is doing under the covers with its DataSources.
Doesn't Tomcat shutdown the JNDI datasource without
JNDIDataSourceShutdownListener doing it explicitly? See closeMethod in
the docs/code. With the shut down initiated from Tomcat code, the right
permissions should be in place.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
