tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Magesh (JIRA)" <>
Subject [jira] [Created] (TOMEE-2014) Security Permission for setPolicy
Date Thu, 09 Feb 2017 13:46:41 GMT
Magesh created TOMEE-2014:

             Summary: Security Permission for setPolicy
                 Key: TOMEE-2014
             Project: TomEE
          Issue Type: Bug
          Components: TomEE Core Server
    Affects Versions: 7.0.2
            Reporter: Magesh

  We deployed our application that uses EJB in Tomee Server (apache-tomee-plus-7.0.2) with
security mode enabled. We are getting the exception to add the below permission in catalina.policy

permission "setPolicy";

Log: access denied (""
	at java.lang.SecurityManager.checkPermission(
	at org.apache.openejb.core.ThreadContext.enter(
	at org.apache.openejb.core.stateless.StatelessContainer.invoke(
	at org.apache.openejb.core.ivm.EjbObjectProxyHandler.synchronizedBusinessMethod(
	at org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(
	at org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(
	at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(
	at com.sun.proxy.$Proxy79.getVersionPhases(Unknown Source)
	at biaccounting.presentation.servlet.InitServlet.initReferenceLists(
	at biaccounting.presentation.servlet.InitServlet.init(
	at javax.servlet.GenericServlet.init(
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(
	at java.lang.reflect.Method.invoke(

To fix this, we commented the below lines in the class (Please
find attached)

PolicyContext.setContextID(moduleID); --> Line#138
PolicyContext.setContextID(null); --> Line#175
PolicyContext.setContextID(reenteredContext.getBeanContext().getModuleID()); -->Line#177

We have done this as a temporary fix from our end. Please let us know whether will this be
fixed in the future release ? please let us know your comment on this one.

Thanks  & Regards,
Magesh M

This message was sent by Atlassian JIRA

View raw message