tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Magesh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TOMEE-1956) Security Permission "doAsPrivileged"
Date Fri, 07 Oct 2016 12:23:20 GMT

    [ https://issues.apache.org/jira/browse/TOMEE-1956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15554954#comment-15554954
] 

Magesh commented on TOMEE-1956:
-------------------------------

Are you saying that the below permissions are needed for tomee plugin deployment?

grant codeBase "file:${catalina.base}/webapps/tomee/-"
{ permission java.security.AllPermission; }
;
permission java.security.SecurityPermission "setPolicy";

permission javax.security.auth.AuthPermission "doAsPrivileged";

> Security Permission "doAsPrivileged"
> ------------------------------------
>
>                 Key: TOMEE-1956
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1956
>             Project: TomEE
>          Issue Type: Bug
>    Affects Versions: 7.0.0-M1
>         Environment: Tomcat 8.0.36
>            Reporter: Magesh
>              Labels: security
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Hi,
>  We are using tomee 7.0.0-M1 plugin war in our Tomcat 8 server for EJB application deployment.
> We are not facing any issue if we start the tomcat server normally and all our EJB applications
are getting deployed properly.
> If we start the tomcat server with security mode enabled -security, while accessing some
modules in our application we are getting the below exception to add "doAsPrivileged" security
permission in policy file.
> permission javax.security.auth.AuthPermission "doAsPrivileged";
> Log:
>  ---------------------------------------------------------------------------------------------------
>  	org.apache.openejb.core.ThreadContext.enter ThreadContextListener threw an exception
>  java.security.AccessControlException: access denied ("javax.security.auth.AuthPermission"
"doAsPrivileged")
> 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> 	at java.security.AccessController.checkPermission(AccessController.java:884)
> 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> 	at javax.security.auth.Subject.doAsPrivileged(Subject.java:467)
> 	at org.apache.openejb.core.security.AbstractSecurityService$SecurityContext.<init>(AbstractSecurityService.java:408)
> 	at org.apache.openejb.core.security.AbstractSecurityService.contextEntered(AbstractSecurityService.java:167)
> 	at org.apache.openejb.core.ThreadContext.enter(ThreadContext.java:60)
> 	at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:169)
> 	at org.apache.openejb.core.ivm.EjbHomeProxyHandler.create(EjbHomeProxyHandler.java:343)
> 	at org.apache.openejb.core.ivm.EjbHomeProxyHandler._invoke(EjbHomeProxyHandler.java:196)
> 	at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:319)
> 	at com.sun.proxy.$Proxy51.create(Unknown Source)
> 	at org.apache.openejb.core.ivm.naming.BusinessLocalReference.getObject(BusinessLocalReference.java:36)
> 	at org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:175)
> 	at org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:291)
> 	at org.apache.naming.NamingContext.lookup(NamingContext.java:829)
> 	at org.apache.naming.NamingContext.lookup(NamingContext.java:166)
> 	at org.apache.naming.SelectorContext.lookup(SelectorContext.java:157)
> 	at javax.naming.InitialContext.lookup(InitialContext.java:417)
>  ----------------------------------------------------------------------------------------------------
>  But as per our policy they wont provide this permission. Could you please let us know
whether this issue is fixed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message