ManifestUberJarDuplicatedJarsWarner uses FJP without privileged block --------------------------------------------------------------------- Key: ISPN-9165 URL: https://issues.jboss.org/browse/ISPN-9165 Project: Infinispan Issue Type: Bug Components: Core Affects Versions: 9.2.2.Final Reporter: David Lloyd Priority: Critical Labels: security-manager {{ManifestUberJarDuplicatedJarsWarner}} has a method called {{isClasspathCorrectAsync}} which dispatches a task to the fork-join pool. The task loads resources from the Infinispan JAR. This fails under a security manager. The common FJP executes tasks with no permissions. One of two things must be done: # Do not use the fork-join pool; find some other async solution which preserves the access control context. # Capture and propagate the current AccessControlContext when calling {{isClasspathCorrectAsync}}. This can be done by calling {{AccessController.getContext()}} before submitting the task, and then, within the submitted lambda, wrap the call to isClasspathCorrect with a call to {{AccessController.doPrivileged()}} which restores the captured context (by giving it as the second parameter). Note that this will entail a nested lambda or anonymous class.