tomee-users mailing list archives

From Jonathan Gallimore <jonathan.gallim...@gmail.com>
Subject Re: EAR deployment
Date Mon, 20 Aug 2018 09:53:27 GMT
So I can explain a bit about what's going on here - everything goes ok with
the security manager switched on, up until the point where we pass through
OpenEJB's security service, at which point we do this:

        final String moduleID = newContext.getBeanContext().getModuleID();
        JavaSecurityManagers.setContextID(moduleID);

This sets a JACC security context which is then used to evaluate
permissions, which appears to reject the permission required (in this case
java.lang.RuntimePermission / setContextClassLoader).  Further research,
and hazy memory of other conversations make me think that there are some
gaps in JACC in TomEE (
http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4679746.html).
It strikes me that we should be able to get this to work. It'll need a bit
more research on my part, however, so bear with me. Thoughts and discussion
are welcome.

Jon

On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:

> Thanks, that's useful.
>
> Jon
>
> On Mon, Aug 13, 2018 at 3:15 PM, <rcohen@e1b.org> wrote:
>
>> Security policy is very simple right now:
>>
>> grant {
>>     permission java.security.AllPermission;
>> };
>>
>> Thanks!
>> Ross
>>
>>
>>
>> From:   "Jonathan Gallimore" <jonathan.gallimore@gmail.com>
>> To:     users@tomee.apache.org,
>> Date:   08/10/2018 12:54 PM
>> Subject:        Re: EAR deployment
>>
>>
>>
>> It didn't, sorry. I still want to work on it and should have time next
>> week. Are you able to share your security manager policy to help me debug
>> it through?
>>
>> Jon
>>
>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ross.cohen.rc@gmail.com> wrote:
>>
>> > Any chance this got fixed in 7.0.5?  My hopes aren't too high, and I
>> > already
>> > have an ugly work-around, but still ...
>> >
>> > Ross
>> >
>> >
>> >
>>
>
>
