In case of PrivilegedActionException thrown in: private static void execute(final Method method, final Object targetObject, final Object[] targetArguments, Principal principal) method, there is a false assumption in catch block, that PrivilegedActionException.getException() will return InvocationTargetException. It could be also IllegalAccessException and possibly other types of exceptions as well. Here is the stack trace provoked on catalina shutdown when enabled security manager: java.lang.ClassCastException: java.lang.IllegalAccessException cannot be cast to java.lang.reflect.InvocationTargetException at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:278) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:178) at org.apache.catalina.core.ApplicationFilterConfig.release(ApplicationFilterConfig.java:326) at org.apache.catalina.core.StandardContext.filterStop(StandardContext.java:3744) at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4513) at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924) at org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1191) at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1162) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:313) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086) at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098) at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448) at org.apache.catalina.core.StandardService.stop(StandardService.java:584) at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744) at org.apache.catalina.startup.Catalina.stop(Catalina.java:628) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.stop(Bootstrap.java:300) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.commons.daemon.support.DaemonLoader.stop(DaemonLoader.java:200)
Thanks for the report. This has been fixed in trunk and proposed for 6.0.x
It seems that tomcats 5.5.x suffer from the same issue.
I've proposed the same fix for 5.5.x
This has been fixed in 6.0.x and will be included in 6.0.19 onwards. I am changing the product to TC5 as it is still open there.
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.