We've implemented a custom JACC provider for use with Glassfish and it works great when the security manager is turned off, but when we turn on the Security Manager we end up with a StackOverflowError.
It appears (through remote debugging) that the JACC provider's refresh method is being stopped by the AccessController, which is checking to see if the SecurityPermission for "setPolicy" is granted. The problem with this is that the AccessController is delegating to the same JACC provider to ask about this permission, so we get caught in an endless chain of method calls that result in a StackOverflowError. What are we missing here? Is there some magic argument I need to provide?
[Message sent by forum member 'vinsonizer' (vinsonizer)]
http://forums.java.net/jive/thread.jspa?messageID=273909