tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rco...@e1b.org
Subject Re: EAR deployment
Date Fri, 31 Aug 2018 14:40:33 GMT
John,

Thanks for the update -- I appreciate you looking into this.

Ross



From:   "Jonathan Gallimore" <jonathan.gallimore@gmail.com>
To:     users@tomee.apache.org, 
Date:   08/20/2018 05:53 AM
Subject:        Re: EAR deployment



So I can explain a bit about what's going on here - everything goes ok 
with
the security manager switched on, up until the point where we pass through
OpenEJB's security service, at which point we do this:

        final String moduleID = newContext.getBeanContext().getModuleID();
        JavaSecurityManagers.setContextID(moduleID);

This sets a JACC security context which is then used to evaluate
permissions, which appears to reject the permission required (in this case
java.lang.RuntimePermission / setContextClassLoader).  Further research,
and hazy memory of other conversations make me think that there are some
gaps in JACC in TomEE (
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vSG93LWNhbi1JLWVuYWJsZS1KQUNDLWluLVRvbUVFLXRwNDY3MzExM3A0Njc5NzQ2Lmh0bWw%3D&_s=ZXJpZTE%3D&_c=0f754806
).
It strikes me that we should be able to get this to work. It'll need a bit
more research on my part, however, so bear with me. Thoughts and 
discussion
are welcome.

Jon

On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:

> Thanks, that's useful.
>
> Jon
>
> On Mon, Aug 13, 2018 at 3:15 PM, <rcohen@e1b.org> wrote:
>
>> Security policy is very simple right now:
>>
>> grant {
>>     permission java.security.AllPermission;
>> };
>>
>> Thanks!
>> Ross
>>
>>
>>
>> From:   "Jonathan Gallimore" <jonathan.gallimore@gmail.com>
>> To:     users@tomee.apache.org,
>> Date:   08/10/2018 12:54 PM
>> Subject:        Re: EAR deployment
>>
>>
>>
>> It didn't, sorry. I still want to work on it and should have time next
>> week. Are you able to share your security manager policy to help me 
debug
>> it through?
>>
>> Jon
>>
>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ross.cohen.rc@gmail.com> wrote:
>>
>> > Any chance this got fixed in 7.0.5?  My hopes aren't too high, and I
>> > already
>> > have an ugly work-around, but still ...
>> >
>> > Ross
>> >
>> >
>> >
>> > --
>> > Sent from:
>> >
>> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDov
>> L3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vVG9tRUUtVXNl
>> cnMtZjk3OTQ0MS5odG1s&_s=ZXJpZTE%3D&_c=37b3c580
>>
>> >
>>
>>
>> --
>> BEGIN-ANTISPAM-VOTING-LINKS
>> ------------------------------------------------------
>>
>> Teach CanIt if this mail (ID 02WlsSioE) is spam:
>> Spam:
>> https://milton-web.wnyric.org/canit/b.php?c=s&i=02WlsSioE&m=
>> 9b4a3eadf679&t=20180810
>>
>> Not spam:
>> https://milton-web.wnyric.org/canit/b.php?c=n&i=02WlsSioE&m=
>> 9b4a3eadf679&t=20180810
>>
>> Forget vote:
>> https://milton-web.wnyric.org/canit/b.php?c=f&i=02WlsSioE&m=
>> 9b4a3eadf679&t=20180810
>>
>> ------------------------------------------------------
>> END-ANTISPAM-VOTING-LINKS
>>
>>
>>
>>
>>
>> Confidentiality Notice:
>> This electronic message and any attachments may contain confidential or
>> privileged information, and is intended only for the individual or 
entity
>> identified above as the addressee. If you are not the addressee (or the
>> employee or agent responsible to deliver it to the addressee), or if 
this
>> message has been addressed to you in error, you are hereby notified 
that
>> you may not copy, forward, disclose or use any part of this message or
>> any
>> attachments. Please notify the sender immediately by return e-mail or
>> telephone and delete this message from your system.
>>
>
>


-- 
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------

Teach CanIt if this mail (ID 04WplRxa3) is spam:
Spam:        
https://milton-web.wnyric.org/canit/b.php?c=s&i=04WplRxa3&m=cae8652407e2&t=20180820

Not spam:    
https://milton-web.wnyric.org/canit/b.php?c=n&i=04WplRxa3&m=cae8652407e2&t=20180820

Forget vote: 
https://milton-web.wnyric.org/canit/b.php?c=f&i=04WplRxa3&m=cae8652407e2&t=20180820

------------------------------------------------------
END-ANTISPAM-VOTING-LINKS





Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message