Bug 63412

Summary: WebSocket examples in Tomcat 9.0.20 RC fail with SecurityManager
Product: Tomcat 9 Reporter: Konstantin Kolinko <knst.kolinko>
Component: ExamplesAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 9.0.x   
Target Milestone: -----   
Hardware: PC   
OS: All   
Attachments: catalina.2019-05-08.log

Description Konstantin Kolinko 2019-05-08 16:06:42 UTC
Created attachment 36577 [details]
catalina.2019-05-08.log

Smoke-testing Tomcat 9.0.20 release candidate:
running apache-tomcat-9.0.20-windows-x64.zip + OpenJDK Java 12.0.1 64-bit on Windows 10.

WebSocket examples are failing and are not usable.

1. I opened all websocket examples in different tabs.
2. Testing the "echo" example:

1) The "Connect" button works, a connection is opened. 
2) Messages are sent to the server ("Sent: Here is a message!" line is printed), but there is no echo from server (nothing is received).
3) The "Disconnect" button does not work.
4) The connection closes itself after a timeout. The following is printed:
"Info: WebSocket connection closed, Code: 1006"

3. Other WebSocket examples fail to initialize. They open a connection but fail to operate any further.

4. If I run the same version of Tomcat and Java without enabling a SecurityManager, the WebSocket examples work correctly.

BTW, other examples work correctly. Running them with SecurityManager being enabled I do not note any issues.
Comment 1 Remy Maucherat 2019-05-08 17:05:38 UTC
I'm pretty sure it tries and fails to load the enums only there. Things worked mostly by accident before, and the classes of SocketWrapperBase should all be preloaded now since they're API usable in webapps now.
Will test it.
Comment 2 Remy Maucherat 2019-05-08 19:38:08 UTC
This will be fixed in 9.0.21. This is caused by the new async IO API which is now enabled by default (you can set useAsyncIO="false" on the Connector to avoid the exception; or add the permission to the policy file for now, IMO it's the best way).

In catalina.policy:
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.net";