tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Magesh (JIRA)" <j...@apache.org>
Subject [jira] [Created] (TOMEE-1956) Security Permission "doAsPrivileged"
Date Fri, 07 Oct 2016 10:37:20 GMT
Magesh created TOMEE-1956:
-----------------------------

             Summary: Security Permission "doAsPrivileged"
                 Key: TOMEE-1956
                 URL: https://issues.apache.org/jira/browse/TOMEE-1956
             Project: TomEE
          Issue Type: Bug
    Affects Versions: 7.0.0-M1
         Environment: Tomcat 8.0.36
            Reporter: Magesh


Hi,
 We are using tomee 7.0.0-M1 plugin war in our Tomcat 8 server for EJB application deployment.

We are not facing any issue if we start the tomcat server normally and all our EJB applications
are getting deployed properly.

If we start the tomcat server with security mode enabled -security, while accessing some modules
in our application we are getting the below exception to add "doAsPrivileged" security permission
in policy file.

permission javax.security.auth.AuthPermission "doAsPrivileged";

Log:
 ---------------------------------------------------------------------------------------------------
 	org.apache.openejb.core.ThreadContext.enter ThreadContextListener threw an exception
 java.security.AccessControlException: access denied ("javax.security.auth.AuthPermission"
"doAsPrivileged")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
	at java.security.AccessController.checkPermission(AccessController.java:884)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:467)
	at org.apache.openejb.core.security.AbstractSecurityService$SecurityContext.<init>(AbstractSecurityService.java:408)
	at org.apache.openejb.core.security.AbstractSecurityService.contextEntered(AbstractSecurityService.java:167)
	at org.apache.openejb.core.ThreadContext.enter(ThreadContext.java:60)
	at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:169)
	at org.apache.openejb.core.ivm.EjbHomeProxyHandler.create(EjbHomeProxyHandler.java:343)
	at org.apache.openejb.core.ivm.EjbHomeProxyHandler._invoke(EjbHomeProxyHandler.java:196)
	at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:319)
	at com.sun.proxy.$Proxy51.create(Unknown Source)
	at org.apache.openejb.core.ivm.naming.BusinessLocalReference.getObject(BusinessLocalReference.java:36)
	at org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:175)
	at org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:291)
	at org.apache.naming.NamingContext.lookup(NamingContext.java:829)
	at org.apache.naming.NamingContext.lookup(NamingContext.java:166)
	at org.apache.naming.SelectorContext.lookup(SelectorContext.java:157)
	at javax.naming.InitialContext.lookup(InitialContext.java:417)
 ----------------------------------------------------------------------------------------------------
 But as per our policy they wont provide this permission. Could you please let us know whether
this issue is fixed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message