GeoServer will not run with the default Java ForkJoinPool configuration and a SecurityManager enabled

Description

Around GeoServer 2.11, improvements were made to GeoServer configuration loading in order to improve startup speeds. The improvement appears to be implemented, in part, by using

to perform IO tasks concurrently. The problem with this is that, by default, concurrent streaming API operations use the JVM ForkJoinPool to do their work. This pool, again by default, creates threads that do not inherit the permissions of the caller. In fact they have no permissions at all (see ForkJoinPool docs).

This ultimately causes GeoServer catalog initialization code (and potentially other code in GeoServer) that runs in parallel streams to fail when a security manager is enabled, no matter what permissions are assigned.

A potential solution:
Run code executing in parallel streams as privileged (trusted) code via

(I have not verified that this works yet)

Environment

Red Hat Enterprise Linux 6/7, Java 8, Java SecurityManager enabled

Status

Assignee

Unassigned

Reporter

Clifford Harms

Triage

Fix versions

None

Affects versions

Priority

Medium
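
The behaviour described in the report can be reproduced outside GeoServer with the following added example, which is not part of the original report and is not GeoServer code. It assumes Java 8, uses a constructed grant-all policy and a hypothetical class name, and uses `AccessController.doPrivileged` as the privileged wrapper (an assumption, since the report's own reference is missing from the page).

```java
import java.security.*;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.ForkJoinWorkerThread;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.IntStream;

public class CommonPoolPermissionsDemo {
    // Permission-checked operation standing in for the catalog's file IO.
    static final Supplier<String> DIRECT = () -> System.getProperty("user.home");
    // Same operation, but the permission check stops at this class's own
    // protection domain instead of including the worker thread's empty context.
    static final PrivilegedAction<String> ACTION = () -> System.getProperty("user.home");
    static final Supplier<String> PRIVILEGED = () -> AccessController.doPrivileged(ACTION);

    // Runs op on 64 elements in parallel; counts outcomes per kind of thread.
    static Map<String, Long> run(Supplier<String> op) {
        return IntStream.range(0, 64).parallel().mapToObj(i -> {
            String who = Thread.currentThread() instanceof ForkJoinWorkerThread
                    ? "pool-worker" : "caller";
            try {
                Thread.sleep(20);           // give workers time to steal tasks
                op.get();
                return who + " allowed";
            } catch (SecurityException e) { // AccessControlException
                return who + " denied";
            } catch (InterruptedException e) {
                return who + " interrupted";
            }
        }).collect(Collectors.groupingBy(s -> s, TreeMap::new, Collectors.counting()));
    }

    public static void main(String[] args) {
        // Constructed policy: grant everything to every policy-backed domain.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        // Must happen before ForkJoinPool is first used: the common pool picks
        // its thread factory once, when the class is initialized.
        System.setSecurityManager(new SecurityManager());
        System.out.println("direct:     " + run(DIRECT));
        System.out.println("privileged: " + run(PRIVILEGED));
    }
}
```

The calling thread also executes part of a parallel stream, so the direct run mixes allowed and denied elements even though the policy grants everything. A privileged block should wrap only the single permission-checked call and take no caller-supplied action or path, because everything inside it runs with the full permissions of the wrapping code.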