tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rajan, Ajith" <>
Date Wed, 12 Oct 2016 14:44:42 GMT

Trust you are able to assist.

We are using a Tomcat version 8.0.36 but however as we also have few applications hosted in
EJB, we went ahead in utilizing the TOMEE WAR on our Tomcat server to provide the required
container for EJB deployments. Now, when the tomcat server is started in secure mode, there
are few permissions as highlighted below that seem to be mandatory for successful TOMEE WAR

ü  grant codeBase "file:${catalina.base}/webapps/tomee/-" {permission;};

ü  permission "setPolicy";

ü  permission "doAsPrivileged";

Providing the above highlighted permission is not approved by our Infrastructure team citing
security risks. The questions we have are:

Ø  Are we really compromising security in any way when we provide the highlighted permission??

Ø  Considering TOMEE is also an Apache product, do you recommend providing ALL permissions
for TOMEE??

Ø  Are there any other alternatives or recommendations to make the TOMEE war deployment successful
without providing the above said permissions??

Thank You for the support & advice...

Many Thanks,

Senior Delivery Manager | Global Technology Solutions | BI WORLDWIDE INDIA
d 91.44.4480 9402  |  m 91.99625 18508
Australia | Canada | China | India | LATAM | UK | US<>

This e-mail message is being sent solely for use by the intended recipient(s) and may contain
confidential information.  Any unauthorized review, use, disclosure or distribution is prohibited.
 If you are not the intended recipient, please contact the sender by phone or reply by e-mail,
delete the original message and destroy all copies. Thank you.
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message