Skip to content

Commit

Permalink
do not use virtual threads when a SecurityManager is set
Browse files Browse the repository at this point in the history
When running with a SecurityManager set, virtual threads have no permissions (https://openjdk.org/jeps/444).
=> Virtual threads must not be used otherwise AccessControlExceptions will be raised during file manipulations.

09:50:57,825 |-ERROR in c.q.l.core.rolling.TimeBasedRollingPolicy@1645547422 - Unexpected exception while waiting for compression job to finish java.util.concurrent.ExecutionException: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/business.2024-06-12-0949.log8596119935863.tmp" "read")
        at java.util.concurrent.ExecutionException: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/business.2024-06-12-0949.log8596119935863.tmp" "read")
        at      at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
        at      at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:205)
        at      at ch.qos.logback.core.rolling.TimeBasedRollingPolicy.waitForAsynchronousJobToStop(TimeBasedRollingPolicy.java:140)
        at      at ch.qos.logback.core.rolling.TimeBasedRollingPolicy.stop(TimeBasedRollingPolicy.java:132)
        at      at ch.qos.logback.core.rolling.RollingFileAppender.stop(RollingFileAppender.java:159)
        at      at ch.qos.logback.core.spi.AppenderAttachableImpl.detachAndStopAllAppenders(AppenderAttachableImpl.java:107)
        at      at ch.qos.logback.classic.Logger.detachAndStopAllAppenders(Logger.java:209)
        at      at ch.qos.logback.classic.Logger.recursiveReset(Logger.java:333)
        at      at ch.qos.logback.classic.Logger.recursiveReset(Logger.java:340)
        at      at ch.qos.logback.classic.LoggerContext.reset(LoggerContext.java:363)
        at      at ch.qos.logback.classic.LoggerContext.stop(LoggerContext.java:343)
        at      at org.springframework.boot.logging.logback.LogbackLoggingSystem.lambda$getShutdownHandler$2(LogbackLoggingSystem.java:391)
        at      at java.base/java.lang.Iterable.forEach(Iterable.java:75)
        at      at org.springframework.boot.SpringApplicationShutdownHook.run(SpringApplicationShutdownHook.java:116)
        at      at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/business.2024-06-12-0949.log8596119935863.tmp" "read")
        at      at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:488)
        at      at java.base/java.security.AccessController.checkPermission(AccessController.java:1071)
        at      at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:411)
        at      at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:742)
        at      at java.base/java.io.File.exists(File.java:831)
        at      at ch.qos.logback.core.rolling.helper.Compressor.gzCompress(Compressor.java:148)
        at      at ch.qos.logback.core.rolling.helper.Compressor.compress(Compressor.java:57)
        at      at ch.qos.logback.core.rolling.helper.Compressor$CompressionRunnable.run(Compressor.java:246)
        at      at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
        at      at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
        at      at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
        at      at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
        at      at java.base/java.lang.VirtualThread.run(VirtualThread.java:309)
  • Loading branch information
Sylvain Dusart committed Jun 12, 2024
1 parent 7812a55 commit a3f5684
Showing 1 changed file with 17 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -34,20 +34,28 @@
* @author Mikhail Mazursky
*/
public class ExecutorServiceUtil {

private static final boolean NO_SECURITY_MANAGER = System.getSecurityManager() == null;

private static final ThreadFactory THREAD_FACTORY_FOR_SCHEDULED_EXECUTION_SERVICE = new ThreadFactory() {

private final AtomicInteger threadNumber = new AtomicInteger(1);

private final ThreadFactory defaultFactory = makeThreadFactory();

/**
* A thread factory which may be a virtual thread factory the JDK supports it.
* A thread factory which may be a virtual thread factory if the JDK supports it
* and there is no security manager.
*
* @return
*/
private ThreadFactory makeThreadFactory() {
ThreadFactory tf = Thread.ofVirtual().factory();
return tf;
if (NO_SECURITY_MANAGER) {
ThreadFactory tf = Thread.ofVirtual().factory();
return tf;
}

return Executors.defaultThreadFactory();
}

@Override
Expand Down Expand Up @@ -99,11 +107,15 @@ static public void shutdown(ExecutorService executorService) {

/**
* An alternate implementation of {@linl #newThreadPoolExecutor} which returns a virtual thread per task executor
* when available.
* if the JDK supports it and there is no security manager.
*
* @since 1.3.12/1.4.12
*/
static public ExecutorService newAlternateThreadPoolExecutor() {
return Executors.newVirtualThreadPerTaskExecutor();
if (NO_SECURITY_MANAGER) {
return Executors.newVirtualThreadPerTaskExecutor();
}

return newThreadPoolExecutor();
}
}

0 comments on commit a3f5684

Please sign in to comment.