tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Magesh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TOMEE-2013) Java PropertyPermisssion
Date Wed, 08 Feb 2017 08:06:41 GMT

    [ https://issues.apache.org/jira/browse/TOMEE-2013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15857614#comment-15857614
] 

Magesh commented on TOMEE-2013:
-------------------------------

Hi,
  The issue was due to the line #54 in Logger.java  configure(System.getProperties());. We
tried to replace this line with configure(new Properties()); but we are getting NullPointerException,
so we have commented the Logger instantiation lines in the classes JtaTransactionPolicy and
EjbTransactionUtil and it is working fine .We have created the patch and uploaded the same(tomee.patch)
. Please check and let us know.

> Java PropertyPermisssion
> ------------------------
>
>                 Key: TOMEE-2013
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2013
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 7.0.2
>            Reporter: Magesh
>              Labels: security
>         Attachments: Logger.java, openejb-core-7.0.2.jar, Security_Permissions_openejb.txt,
tomee.patch
>
>
> Hi,
>   We are using TOMEE server (apache-tomee-plus-7.0.2) to deploy our applications which
uses EJBs. When we run the server with security mode enabled, applications are not getting
deployed without the below permission.
> permission java.util.PropertyPermission "*", "read,write";
> We did some changes to the openejb-core-7.0.2.jar file in the classes org.apache.openejb.core.transaction.EjbTransactionUtil,
org.apache.openejb.core.transaction.JtaTransactionPolicy
> After the changes were made the following specific permissions were required.
>                permission java.util.PropertyPermission "javax.persistence.transactionType",
"read";
>                permission java.util.PropertyPermission "javax.persistence.schema-generation.database.action",
"read";
>                permission java.util.PropertyPermission "javax.persistence.schema-generation.scripts.action",
"read";
>                permission java.util.PropertyPermission "javax.persistence.jdbc.user",
"read";
>                permission java.util.PropertyPermission "javax.persistence.jdbc.password",
"read";
>                permission java.util.PropertyPermission "javax.persistence.jtaDataSource",
"read";
>                permission java.util.PropertyPermission "javax.persistence.nonJtaDataSource",
"read";
>                permission java.util.PropertyPermission "javax.persistence.lock.timeout",
"read";
>                permission java.util.PropertyPermission "javax.persistence.query.timeout",
"read";
>                permission java.util.PropertyPermission "javax.persistence.schema-generation.connection",
"read";
>                permission java.util.PropertyPermission "javax.persistence.sql-load-script-source",
"read";
>                permission java.util.PropertyPermission "org.eclipse.persistence.querymonitor",
"read";
> Will this be addressed in the future release or else the permissions are required.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message