tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Gallimore <jonathan.gallim...@gmail.com>
Subject Re: EAR deployment
Date Fri, 29 Jun 2018 14:56:07 GMT
I'll take a look - will be early next week before I can get to it.

Jon

On Fri, Jun 29, 2018 at 3:50 PM, Romain Manni-Bucau <rmannibucau@gmail.com>
wrote:

> ears probably not (but you are not that numerous anymore ;)) but with a
> security manager is more the criteria here IMHO.
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> <https://rmannibucau.metawerx.net/> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <https://github.com/
> rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> <https://www.packtpub.com/application-development/java-
> ee-8-high-performance>
>
>
> Le ven. 29 juin 2018 à 16:44, <rcohen@e1b.org> a écrit :
>
> > Not terribly familiar with Git, but I assume you asking me to submit a
> > pull request that points to a fix?  The short answer is "no".  I would
> > love to see this fixed, but right now I don't have the time to grok git
> > (we use svn), set up a build environment for Tomee, pickup maven (we use
> > ant+ivy), and figure out the actual bug.    If I have to, I will --- but
> > only God knows how long it will be before I can make the time to do these
> > things.
> >
> > But this raises a question: am I really the last person still deploying
> > EARs?!   Really???
> >
> > Thanks for your prompt help -- you guys are amazing!
> > Ross
> >
> >
> >
> >
> >
> > From:   "Romain Manni-Bucau" <rmannibucau@gmail.com>
> > To:     users@tomee.apache.org,
> > Date:   06/28/2018 04:03 PM
> > Subject:        Re: EAR deployment
> >
> >
> >
> > I see
> >
> > Then it is just a bug and we miss a wrapping to be SM compliant in that
> > part of the code.
> >
> > Do you want to submit a PR to fix it?
> >
> > Le jeu. 28 juin 2018 19:37, <rcohen@e1b.org> a écrit :
> >
> > > Couldn't find it in the summary.   Of course, its there as a VM
> > argument,
> > > but I expect that.   After digging around a bit more I found it in the
> > > MXBeans:  java.lang -> Runtime -> Attributes.
> > >
> > > Every thing there is set as it is in the file: ie
> > > java.security.policy=C:\IBM\liferay\tomee\conf\catalina.policy
> > > java.security.manager=<no value>
> > >
> > > -- both of which I would expect.
> > >
> > > Note that I have not tried chang <Deployments dir="apps" /> in
> > tomee.xml.
> > > Maybe that needs chaning -- though what I have seem really close to
> > > working.
> > >
> > > Just occurred to me that I never included my full VM args:
> > >
> > > -Dcatalina.base="C:\IBM\liferay\tomee"
> > > -Dcatalina.home="C:\IBM\liferay\tomee"
> > > -Dwtp.deploy="C:\IBM\liferay\tomee\webapps"
> > > -Djava.endorsed.dirs="C:\IBM\liferay\tomee\endorsed"
> > > -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true
> > >
> >
> > -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_
> CLEAR_REFERENCES=false
> > >
> > >
> > > -Duser.timezone=EST
> > > -Djava.security.manager
> > > -Djava.security.policy="C:\IBM\liferay\tomee\conf\catalina.policy"
> > >
> > -Djava.security.auth.login.config="C:\IBM\liferay\tomee\
> conf\jaas.config"
> > > -Dwnyric.deployment.properties.directory.path="C:\IBM\liferay"
> > > -Xmx2048m
> > >
> > >
> > > Thanks,
> > > Ross
> > >
> > >
> > >
> > >
> > >
> > > From:   "Romain Manni-Bucau" <rmannibucau@gmail.com>
> > > To:     users@tomee.apache.org,
> > > Date:   06/28/2018 11:20 AM
> > > Subject:        Re: EAR deployment
> > >
> > >
> > >
> > > I think you can check it in the JVM info in system properties (VM
> > Summary)
> > >
> > > Romain Manni-Bucau
> > > @rmannibucau <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> >
> > > > |  Blog
> > > <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> >
> > > > | Old Blog
> > > <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> >
> > > > | Github <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> >
> > > > |
> > > LinkedIn <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=
> ZXJpZTE%3D&_c=aff046f7
> >
> > > > | Book
> > > <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3Bt
> ZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
> >
> > > >
> > >
> > >
> > > Le jeu. 28 juin 2018 à 17:19, <rcohen@e1b.org> a écrit :
> > >
> > > > So:
> > > >
> > > > 1.   With the security manager disabled, the ear deploys fine, ejb's
> > > > instantitiate, initialize, etc -- no errors at all!
> > > >
> > > > 2.  I connected to the running jvm with jmx, and poked around for a
> > > while,
> > > > but could not find where it specified the policy file Tomcat was
> > using.
> > > > Can I get a hint as to where this info is?
> > > >
> > > > Thanks,
> > > > Ross
> > > >
> > > >
> > > >
> > > > From:   "Romain Manni-Bucau" <rmannibucau@gmail.com>
> > > > To:     users@tomee.apache.org,
> > > > Date:   06/27/2018 04:54 PM
> > > > Subject:        Re: EAR deployment
> > > >
> > > >
> > > >
> > > > Hi
> > > >
> > > > can you confirm it works without the security manager enabled?
> > > >
> > > > Also can you check connecting on the JVM through JMX that the right
> > > policy
> > > > file is used and tomcat didn't override the one you thought using?
> > > >
> > > > Romain Manni-Bucau
> > > > @rmannibucau <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> >
> > >
> > > > > |  Blog
> > > > <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> >
> > >
> > > > > | Old Blog
> > > > <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> >
> > >
> > > > > | Github <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> >
> > >
> > > > > |
> > > > LinkedIn <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=
> ZXJpZTE%3D&_c=aff046f7
> >
> > >
> > > > > | Book
> > > > <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3Bt
> ZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
> >
> > >
> > > > >
> > > >
> > > >
> > > > Le mer. 27 juin 2018 à 19:12, <rcohen@e1b.org> a écrit :
> > > >
> > > > > I'm running 7.0.4.  I have been deploying to webapps (<Deployments
> > > > > dir="apps" />   remains commented).
> > > > >
> > > > > Ross
> > > > >
> > > > >
> > > > >
> > > > > From:   "Jonathan Gallimore" <jonathan.gallimore@gmail.com>
> > > > > To:     users@tomee.apache.org,
> > > > > Date:   06/27/2018 12:22 PM
> > > > > Subject:        Re: EAR deployment
> > > > >
> > > > >
> > > > >
> > > > > Hi
> > > > >
> > > > > What version of TomEE are you running?
> > > > >
> > > > > Are you deploying your EAR from webapps, or from apps with
> > > <Deployments
> > > > > dir="apps" /> added in tomee.xml?
> > > > >
> > > > > Regards
> > > > >
> > > > > Jon
> > > > >
> > > > > On Wed, Jun 27, 2018 at 5:15 PM, <rcohen@e1b.org> wrote:
> > > > >
> > > > > > I seem unable to deploy EARs.    I have set the catalina.policy
> > to:
> > > > > > grant {
> > > > > >         permission java.security.AllPermission;
> > > > > > };
> > > > > >
> > > > > > I have set the work directory to "work"  (and at deploy see
the
> > > > exploded
> > > > > > EAR there).
> > > > > >
> > > > > > Also I have set deployOnStartup to false, autoDeploy to true,
and
> > > > > > unpackWARs to true.
> > > > > >
> > > > > > On deploy, at first matters look promising.   It unpacks,
> > > initializes
> > > > my
> > > > > > EJBs, then I get single AccessContorlException
> > (RuntimePermistion),
> > > > > > followed by an infinitely repeating (every 5 seconds or so)
> access
> > > > > control
> > > > > > exception (FilePermission).
> > > > > >
> > > > > >
> > > > > > INFO: Created Ejb(deployment-id=CloseEventsBean,
> > > > > > ejb-name=CloseEventsBean,
> > > > > > container=Default Singleton Container)
> > > > > > Jun 26, 2018 11:41:40 AM
> > > > org.apache.openejb.assembler.classic.Assembler
> > > > > > startEjbs
> > > > > > INFO: Created Ejb(deployment-id=ManagerReminderBean,
> > > > > > ejb-name=ManagerReminderBean, container=Default Singleton
> > Container)
> > > > > > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl
> > invoke
> > > > > > SEVERE: Exception invoking periodic operation:
> > > > > > java.security.AccessControlException: access denied
> > > > > > ("java.lang.RuntimePermission" "setContextClassLoader")
> > > > > >         at
> > > > > > java.security.AccessControlContext.checkPermission(
> > > > > > AccessControlContext.java:472)
> > > > > >         at
> > > > > >
> > > > >
> > > >
> > >
> > java.security.AccessController.checkPermission(
> AccessController.java:884)
> > > > > >         at
> > > > > >
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > > >         at
> > java.lang.Thread.setContextClassLoader(Thread.java:1474)
> > > > > >         at
> > > > > >
> > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> > > > > >         at
> > > > > >
> > > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> > > > > >         at
> > > > > >
> > > > >
> > > >
> > >
> > org.apache.openejb.util.JuliLogStream.isWarnEnabled(
> JuliLogStream.java:61)
> > > > > >         at
> > > > > > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> > > > > >         at org.apache.openejb.util.Logger.warning(Logger.java:
> 646)
> > > > > >         at
> > > > > > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> > > > > > TomcatWebAppBuilder.java:2233)
> > > > > >         at
> > > > > > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> > > > > > GlobalListenerSupport.java:141)
> > > > > >         at
> > > > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > > > LifecycleBase.java:94)
> > > > > >         at
> > > > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > > > ContainerBase.java:1164)
> > > > > >         at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > processChildren(ContainerBase.java:1388)
> > > > > >         at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > processChildren(ContainerBase.java:1392)
> > > > > >         at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > run(ContainerBase.java:1360)
> > > > > >         at java.lang.Thread.run(Thread.java:748)
> > > > > >
> > > > > >
> > > > > >
> > > > > > Below is the repeating exception.
> > > > > >
> > > > > > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl
> > invoke
> > > > > > SEVERE: Exception invoking periodic operation:
> > > > > > java.security.AccessControlException: access denied
> > > > > > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\
> ROOT.war"
> > > > > "read")
> > > > > >         at
> > > > > > java.security.AccessControlContext.checkPermission(
> > > > > > AccessControlContext.java:472)
> > > > > >         at
> > > > > >
> > > > >
> > > >
> > >
> > java.security.AccessController.checkPermission(
> AccessController.java:884)
> > > > > >         at
> > > > > >
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > > >         at
> > > > java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > > > > >         at java.io.File.exists(File.java:814)
> > > > > >         at
> > > > > > org.apache.catalina.startup.HostConfig.checkResources(
> > > > > > HostConfig.java:1296)
> > > > > >         at
> > > > > > org.apache.catalina.startup.HostConfig.check(HostConfig.
> java:1623)
> > > > > >         at
> > > > > >
> > > > >
> > > >
> > >
> > org.apache.catalina.startup.HostConfig.lifecycleEvent(
> HostConfig.java:314)
> > > > > >         at
> > > > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > > > LifecycleBase.java:94)
> > > > > >         at
> > > > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > > > ContainerBase.java:1164)
> > > > > >         at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > processChildren(ContainerBase.java:1388)
> > > > > >         at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > processChildren(ContainerBase.java:1392)
> > > > > >         at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > run(ContainerBase.java:1360)
> > > > > >         at java.lang.Thread.run(Thread.java:748)
> > > > > >
> > > > > >
> > > > > >
> > > > > > What am I missing?   I can see that the exception implies
> > additional
> > > > > > permissions, but why doesn't my blanket grant of all permission
> in
> > > the
> > > > > > catalina policy file cover this?
> > > > > >
> > > > > > Ross
> > > > > >
> > > > > >
> > > > > > Confidentiality Notice:
> > > > > > This electronic message and any attachments may contain
> > confidential
> > > > or
> > > > > > privileged information, and is intended only for the individual
> or
> > > > > entity
> > > > > > identified above as the addressee. If you are not the addressee
> > (or
> > > > the
> > > > > > employee or agent responsible to deliver it to the addressee),
or
> > if
> > > > > this
> > > > > > message has been addressed to you in error, you are hereby
> > notified
> > > > that
> > > > > > you may not copy, forward, disclose or use any part of this
> > message
> > > or
> > > > > any
> > > > > > attachments. Please notify the sender immediately by return
> e-mail
> > > or
> > > > > > telephone and delete this message from your system.
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > BEGIN-ANTISPAM-VOTING-LINKS
> > > > > ------------------------------------------------------
> > > > >
> > > > > Teach CanIt if this mail (ID 01W3QmO1O) is spam:
> > > > > Spam:
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=
> 2bb7a21db8c9&t=20180627
> >
> > >
> > > >
> > > > >
> > > > > Not spam:
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=
> 2bb7a21db8c9&t=20180627
> >
> > >
> > > >
> > > > >
> > > > > Forget vote:
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=
> 2bb7a21db8c9&t=20180627
> >
> > >
> > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > END-ANTISPAM-VOTING-LINKS
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Confidentiality Notice:
> > > > > This electronic message and any attachments may contain
> confidential
> > > or
> > > > > privileged information, and is intended only for the individual or
> > > > entity
> > > > > identified above as the addressee. If you are not the addressee (or
> > > the
> > > > > employee or agent responsible to deliver it to the addressee), or
> if
> > > > this
> > > > > message has been addressed to you in error, you are hereby notified
> > > that
> > > > > you may not copy, forward, disclose or use any part of this message
> > or
> > > > any
> > > > > attachments. Please notify the sender immediately by return e-mail
> > or
> > > > > telephone and delete this message from your system.
> > > > >
> > > >
> > > >
> > > > --
> > > > BEGIN-ANTISPAM-VOTING-LINKS
> > > > ------------------------------------------------------
> > > >
> > > > Teach CanIt if this mail (ID 05W3USVJt) is spam:
> > > > Spam:
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=s&i=05W3USVJt&m=
> 03c723824a9b&t=20180627
> >
> > >
> > > >
> > > > Not spam:
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=n&i=05W3USVJt&m=
> 03c723824a9b&t=20180627
> >
> > >
> > > >
> > > > Forget vote:
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=f&i=05W3USVJt&m=
> 03c723824a9b&t=20180627
> >
> > >
> > > >
> > > > ------------------------------------------------------
> > > > END-ANTISPAM-VOTING-LINKS
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Confidentiality Notice:
> > > > This electronic message and any attachments may contain confidential
> > or
> > > > privileged information, and is intended only for the individual or
> > > entity
> > > > identified above as the addressee. If you are not the addressee (or
> > the
> > > > employee or agent responsible to deliver it to the addressee), or if
> > > this
> > > > message has been addressed to you in error, you are hereby notified
> > that
> > > > you may not copy, forward, disclose or use any part of this message
> or
> > > any
> > > > attachments. Please notify the sender immediately by return e-mail or
> > > > telephone and delete this message from your system.
> > > >
> > >
> > >
> > > --
> > > BEGIN-ANTISPAM-VOTING-LINKS
> > > ------------------------------------------------------
> > >
> > > Teach CanIt if this mail (ID 02W4fkxqC) is spam:
> > > Spam:
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=s&i=02W4fkxqC&m=
> d2fb064f979c&t=20180628
> >
> > >
> > > Not spam:
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=n&i=02W4fkxqC&m=
> d2fb064f979c&t=20180628
> >
> > >
> > > Forget vote:
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=f&i=02W4fkxqC&m=
> d2fb064f979c&t=20180628
> >
> > >
> > > ------------------------------------------------------
> > > END-ANTISPAM-VOTING-LINKS
> > >
> > >
> > >
> > >
> > >
> > > Confidentiality Notice:
> > > This electronic message and any attachments may contain confidential or
> > > privileged information, and is intended only for the individual or
> > entity
> > > identified above as the addressee. If you are not the addressee (or the
> > > employee or agent responsible to deliver it to the addressee), or if
> > this
> > > message has been addressed to you in error, you are hereby notified
> that
> > > you may not copy, forward, disclose or use any part of this message or
> > any
> > > attachments. Please notify the sender immediately by return e-mail or
> > > telephone and delete this message from your system.
> > >
> >
> >
> > --
> > BEGIN-ANTISPAM-VOTING-LINKS
> > ------------------------------------------------------
> >
> > Teach CanIt if this mail (ID 05W4k3PHx) is spam:
> > Spam:
> >
> > https://milton-web.wnyric.org/canit/b.php?c=s&i=05W4k3PHx&m=
> 4665151ab5c3&t=20180628
> >
> > Not spam:
> >
> > https://milton-web.wnyric.org/canit/b.php?c=n&i=05W4k3PHx&m=
> 4665151ab5c3&t=20180628
> >
> > Forget vote:
> >
> > https://milton-web.wnyric.org/canit/b.php?c=f&i=05W4k3PHx&m=
> 4665151ab5c3&t=20180628
> >
> > ------------------------------------------------------
> > END-ANTISPAM-VOTING-LINKS
> >
> >
> >
> >
> >
> > Confidentiality Notice:
> > This electronic message and any attachments may contain confidential or
> > privileged information, and is intended only for the individual or entity
> > identified above as the addressee. If you are not the addressee (or the
> > employee or agent responsible to deliver it to the addressee), or if this
> > message has been addressed to you in error, you are hereby notified that
> > you may not copy, forward, disclose or use any part of this message or
> any
> > attachments. Please notify the sender immediately by return e-mail or
> > telephone and delete this message from your system.
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message