I'm not sure if this is related to the fix that just went in for: https://bz.apache.org/bugzilla/show_bug.cgi?id=58125 I'm getting this error on Tomcat 8 startup when using my own custom security manager: java.lang.ClassCircularityError: java/security/Permission at com.mytest.MySecurityManager.checkPermission(MySecurityManager.java:15) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1298) at java.lang.System.getProperty(System.java:708) at sun.security.action.GetPropertyAction.run(GetPropertyAction.java:84) at sun.security.action.GetPropertyAction.run(GetPropertyAction.java:49) at java.security.AccessController.doPrivileged(Native Method) at java.io.PrintWriter.<init>(PrintWriter.java:116) at java.io.PrintWriter.<init>(PrintWriter.java:100) at java.util.logging.SimpleFormatter.format(SimpleFormatter.java:155) at java.util.logging.StreamHandler.publish(StreamHandler.java:196) at java.util.logging.ConsoleHandler.publish(ConsoleHandler.java:105) at java.util.logging.Logger.log(Logger.java:616) at java.util.logging.Logger.doLog(Logger.java:641) at java.util.logging.Logger.logp(Logger.java:841) at org.apache.juli.logging.DirectJDKLog.log(DirectJDKLog.java:167) at org.apache.juli.logging.DirectJDKLog.fatal(DirectJDKLog.java:143) at org.apache.catalina.startup.Catalina.start(Catalina.java:627) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1426) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485) Note that I'm using tc Server with Tocmat 8.0.20 rather than Tomcat 8 directly. Not sure if that's relevant. It works fine with tc Server with Tomcat 7.0.59. Here's a sample MySecurityManager: package com.mytest; public class MySecurityManager extends SecurityManager { public MySecurityManager() { super(); } @Override public void checkPermission(java.security.Permission perm) { if (perm == null) { throw new NullPointerException("permission can't be null"); } String propertyName = perm.getName(); } @Override public void checkPermission(java.security.Permission perm, Object context) { checkPermission(perm); } } It seems to blow up when I get to the perm.getName() check. Any ideas? Thanks, Ken
I'm running JDK 1.7.0_60 if that is significant.
I just realized that a bunch of Maven dependencies will still referencing Tomcat 7. After switching these to Tomcat 8, everything seems to be fine. Sorry about that. Marking this as resolved.
Actually, I was wrong this is still an issue. I got things up and running because I had dropped a jar with just my custom security manager in the endorsed directory when I was looking for a workaround. I shouldn't have to do that though.
This works for me using your SecurityManager and the latest 8.0.x code. I can't tell if this is related to using tc Server (unlikely given at the point you see this error you won't have touched any of the tc Server specific extensions), something to do with the presence of org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke in the stack trace which is neither a Tomcat nor tc Server class or if it is something else. It is also possible that the fix for bug 58125 will have fixed the error although I couldn't repeat the error with or without that fix in place. If you still see this error with the latest 8.0.x code then please provide the simplest possible set of steps to reproduce this starting from a clean build of 8.0.x/trunk.
That stack trace had a springloaded jar in there that is used for hot deploys in STS (which is based on Eclipse). Here's the stack trace with springloaded removed: java.lang.ClassCircularityError: java/security/Permission at com.mytest.MySecurityManager.checkPermission(MySecurityManager.java:17) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1298) at java.lang.System.getProperty(System.java:708) at sun.security.action.GetPropertyAction.run(GetPropertyAction.java:84) at sun.security.action.GetPropertyAction.run(GetPropertyAction.java:49) at java.security.AccessController.doPrivileged(Native Method) at java.io.PrintWriter.<init>(PrintWriter.java:116) at java.io.PrintWriter.<init>(PrintWriter.java:100) at org.apache.juli.OneLineFormatter.format(OneLineFormatter.java:131) at org.apache.juli.FileHandler.publish(FileHandler.java:196) at java.util.logging.Logger.log(Logger.java:616) at java.util.logging.Logger.doLog(Logger.java:641) at java.util.logging.Logger.logp(Logger.java:841) at org.apache.juli.logging.DirectJDKLog.log(DirectJDKLog.java:182) at org.apache.juli.logging.DirectJDKLog.fatal(DirectJDKLog.java:158) at org.apache.catalina.startup.Catalina.start(Catalina.java:627) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485)
I will attach a reduced war.
Created attachment 32964 [details] War that illustrates this issue
Created attachment 32965 [details] Source code for the web app
Thanks for the test case. If I remove the fix for bug 58125 I see the error so this is another symptom of that bug. Many thanks. *** This bug has been marked as a duplicate of bug 58125 ***