tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rajan, Ajith" <Ajith.Ra...@biworldwide.com>
Subject TOMEE DROP IN WAR DEPLOYMENT
Date Wed, 12 Oct 2016 14:44:42 GMT
Hi,

Trust you are able to assist.

We are using a Tomcat version 8.0.36 but however as we also have few applications hosted in
EJB, we went ahead in utilizing the TOMEE WAR on our Tomcat server to provide the required
container for EJB deployments. Now, when the tomcat server is started in secure mode, there
are few permissions as highlighted below that seem to be mandatory for successful TOMEE WAR
deployment.


ü  grant codeBase "file:${catalina.base}/webapps/tomee/-" {permission java.security.AllPermission;};

ü  permission java.security.SecurityPermission "setPolicy";

ü  permission javax.security.auth.AuthPermission "doAsPrivileged";

Providing the above highlighted permission is not approved by our Infrastructure team citing
security risks. The questions we have are:


Ø  Are we really compromising security in any way when we provide the highlighted permission??

Ø  Considering TOMEE is also an Apache product, do you recommend providing ALL permissions
for TOMEE??

Ø  Are there any other alternatives or recommendations to make the TOMEE war deployment successful
without providing the above said permissions??

Thank You for the support & advice...

Many Thanks,

AJITH RAJAN
Senior Delivery Manager | Global Technology Solutions | BI WORLDWIDE INDIA
d 91.44.4480 9402  |  m 91.99625 18508
BI WORLDWIDE
Australia | Canada | China | India | LATAM | UK | US
www.biworldwide.com<http://www.biworldwide.com/>
[cid:image001.jpg@01D1D0B0.FCC70D20]<http://blog.biworldwide.co.in/>


This e-mail message is being sent solely for use by the intended recipient(s) and may contain
confidential information.  Any unauthorized review, use, disclosure or distribution is prohibited.
 If you are not the intended recipient, please contact the sender by phone or reply by e-mail,
delete the original message and destroy all copies. Thank you.
Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message