Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8935

Add doPrivileged block to httpclient.sendAsync() in HttpClientHTTPConduit

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 4.0.3
    • 3.6.3, 4.0.4
    • Core
    • None
    • Unknown

    Description

      There is security permission failure when the security manager  is enabled:

      Caused by: java.io.IOException: java.security.AccessControlException: Permission check failed (permission "("java.net.URLPermission" "http://127.0.0.1:8080/wsse-policy-trust-sts/SecurityTokenService" "POST:Accept,Content-Type,SOAPAction,User-Agent")"
    at org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:590)
    at org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponseCode(HttpClientHTTPConduit.java:601)
    at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1653)
    at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1684)
    at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1626)
    at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1420)
    at org.apache.cxf@4.0.3//org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.impl//org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:717)
    at org.apache.cxf.impl//org.apache.cxf.transport.http.HttpClientHTTPConduit.close(HttpClientHTTPConduit.java:112)
    at org.apache.cxf@4.0.3//org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
    ... 113 more
Caused by: java.security.AccessControlException: Permission check failed (permission "("java.net.URLPermission" "http://127.0.0.1:8080/wsse-policy-trust-sts/SecurityTokenService" "POST:Accept,Content-Type,SOAPAction,User-Agent")"
    at java.net.http/jdk.internal.net.http.Exchange.checkPermissions(Exchange.java:597)
    at java.net.http/jdk.internal.net.http.Exchange.responseAsyncImpl(Exchange.java:339)
    at java.net.http/jdk.internal.net.http.Exchange.responseAsync(Exchange.java:335)
    at java.net.http/jdk.internal.net.http.MultiExchange.responseAsyncImpl(MultiExchange.java:347)
    at java.net.http/jdk.internal.net.http.MultiExchange.lambda$responseAsync0$2(MultiExchange.java:293)
    at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1072)
    at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1705)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:834)
    at java.base/jdk.internal.misc.InnocuousThread.run(InnocuousThread.java:134)

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #1453

          Activity

            People

              ema Jim Ma
              ema Jim Ma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: