Around GeoServer 2.11, improvements were made to GeoServer configuration loading in order to improve startup speeds. The improvement appears to be implemented, in part, by using
to perform IO tasks concurrently. The problem with this is that, by default, concurrent streaming API operations use the JVM ForkJoinPool to do their work. This pool, again by default, creates threads that do not inherit the permissions of the caller. In fact they have no permissions at all ( see ForkJoinPool docs ).
This ultimately causes GeoServer catalog initialization code (and potentially other code in GeoServer) that runs in parallel streams to fail when a security manager is enabled, no matter what permissions are assigned.
A potential solution:
Run code executing in parallel streams as a privileged (trusted) code via
(I have not verified that this works yet)
Redhat Enterprise Linux 6/7, Java 8, Java SecurityManager enabled