Bug 57490 – Websocket client cannot connect from Tomcat servlet with a SecurityManager in place Make it possible to use Tomcat's WebSocket client within a web application when running under a SecurityManager.

When using the Tomcat websocket client to connect to a websocket server from a servlet running with a SecurityManager, an AccessControlException is thrown even with a Java security policy that allows everything.

It does not work when the websocket client is used where access to the "org.apache.tomcat." packages is restricted (as it is in the Catalina servlet container).

Repeat using unmodified Tomcat 8.0.17 and JDK 8u31 in Win7 x64:

1) Add the following at the end of $CATALINA_BASE/conf/catalina.policy:

grant

;

2) Put the attached JSP file (repeat.jsp) into $CATALINA_BASE/webapps/examples/jsp
(The repeat opens a websocket client to the echo websocket example server,
sends a text message and then waits for and outputs the echoed response.)

3) Launch Tomcat from $CATALINA_BASE/bin with "catalina run -security"

4) Open http://127.0.0.1:8080/examples/jsp/repeat.jsp in a web browser

https://bz.apache.org/bugzilla/show_bug.cgi?id=57490
http://svn.apache.org/r1654767