You can't see this from your log, but we need to check whether there is a similar situation. If it is not a class generated automatically by AOP, we just need to ensure that we don't impersonate its package name.
The following one can't tell whether there is a similar suspicion.
Java.security.accesscontrolexception: access denied (java.lang.runtimepermission accessclassinpackage.org.apache.catalina.loader)
In addition, when accessing some internal classes of tomcat platform, Tomcat can also configure permissions. Tomcat's implementation class will check the permissions first. The general purpose is to prevent some programs from accessing some internal functions provided by the server platform through reflection. The server hopes that everyone will not do this unless you are very sure of its possible impact (such as limited portability). Therefore, the server may configure its own permissions by default and explicitly enable Java 2 security functions in the server, so that when we write a custom LifeCycleListener and access these internal implementation classes, an error will occur. We need to explicitly configure permissions for our LifeCycleListener to ensure that you have understood this fact.
For example, in the following document, access to some packages is configured. When we don't configure it, it means that we don't know what the server expects. We need to think about it before deciding whether to configure it like this.
/infocenter/brj rules/v7r 0/index . JSP? topic = % 2 filog . Rules . j Rules . install . doc % 2f content % 2f business _ Rules % 2f documentation % 2f pubs kel % 2f j Rules _ Application _ Se rvers % 2f PS _ Installing _ j Rules _ sun 9 . html