tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Gallimore <jonathan.gallim...@gmail.com>
Subject Re: EAR deployment
Date Wed, 29 May 2019 10:39:25 GMT
I know its been a while... I did just commit a patch for this issue:
https://issues.apache.org/jira/browse/TOMEE-2532 and I'd be curious if this
helps with this issue at all. I'll run my own test when I get a sec, but if
you're able to give it a go, that would be awesome.

Jon

On Mon, Aug 20, 2018 at 10:53 AM Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:

> So I can explain a bit about what's going on here - everything goes ok
> with the security manager switched on, up until the point where we pass
> through OpenEJB's security service, at which point we do this:
>
>         final String moduleID = newContext.getBeanContext().getModuleID();
>         JavaSecurityManagers.setContextID(moduleID);
>
> This sets a JACC security context which is then used to evaluate
> permissions, which appears to reject the permission required (in this case
> java.lang.RuntimePermission / setContextClassLoader).  Further research,
> and hazy memory of other conversations make me think that there are some
> gaps in JACC in TomEE (
> http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4679746.html).
> It strikes me that we should be able to get this to work. It'll need a bit
> more research on my part, however, so bear with me. Thoughts and discussion
> are welcome.
>
> Jon
>
> On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
> jonathan.gallimore@gmail.com> wrote:
>
>> Thanks, that's useful.
>>
>> Jon
>>
>> On Mon, Aug 13, 2018 at 3:15 PM, <rcohen@e1b.org> wrote:
>>
>>> Security policy is very simple right now:
>>>
>>> grant {
>>>     permission java.security.AllPermission;
>>> };
>>>
>>> Thanks!
>>> Ross
>>>
>>>
>>>
>>> From:   "Jonathan Gallimore" <jonathan.gallimore@gmail.com>
>>> To:     users@tomee.apache.org,
>>> Date:   08/10/2018 12:54 PM
>>> Subject:        Re: EAR deployment
>>>
>>>
>>>
>>> It didn't, sorry. I still want to work on it and should have time next
>>> week. Are you able to share your security manager policy to help me debug
>>> it through?
>>>
>>> Jon
>>>
>>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ross.cohen.rc@gmail.com> wrote:
>>>
>>> > Any chance this got fixed in 7.0.5?  My hopes aren't too high, and I
>>> > already
>>> > have an ugly work-around, but still ...
>>> >
>>> > Ross
>>> >
>>> >
>>> >
>>> > --
>>> > Sent from:
>>> >
>>>
>>> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vVG9tRUUtVXNlcnMtZjk3OTQ0MS5odG1s&_s=ZXJpZTE%3D&_c=37b3c580
>>>
>>> >
>>>
>>>
>>> --
>>> BEGIN-ANTISPAM-VOTING-LINKS
>>> ------------------------------------------------------
>>>
>>> Teach CanIt if this mail (ID 02WlsSioE) is spam:
>>> Spam:
>>>
>>> https://milton-web.wnyric.org/canit/b.php?c=s&i=02WlsSioE&m=9b4a3eadf679&t=20180810
>>>
>>> Not spam:
>>>
>>> https://milton-web.wnyric.org/canit/b.php?c=n&i=02WlsSioE&m=9b4a3eadf679&t=20180810
>>>
>>> Forget vote:
>>>
>>> https://milton-web.wnyric.org/canit/b.php?c=f&i=02WlsSioE&m=9b4a3eadf679&t=20180810
>>>
>>> ------------------------------------------------------
>>> END-ANTISPAM-VOTING-LINKS
>>>
>>>
>>>
>>>
>>>
>>> Confidentiality Notice:
>>> This electronic message and any attachments may contain confidential or
>>> privileged information, and is intended only for the individual or
>>> entity
>>> identified above as the addressee. If you are not the addressee (or the
>>> employee or agent responsible to deliver it to the addressee), or if
>>> this
>>> message has been addressed to you in error, you are hereby notified that
>>> you may not copy, forward, disclose or use any part of this message or
>>> any
>>> attachments. Please notify the sender immediately by return e-mail or
>>> telephone and delete this message from your system.
>>>
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message