Return-Path: <commits-return-39169-archive-asf-public=cust-asf.ponee.io@tomee.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 8DE4E200B9A
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Fri,  7 Oct 2016 12:30:22 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 8C813160AE9; Fri,  7 Oct 2016 10:30:22 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id DCD26160AD6
	for <archive-asf-public@cust-asf.ponee.io>; Fri,  7 Oct 2016 12:30:21 +0200 (CEST)
Received: (qmail 49887 invoked by uid 500); 7 Oct 2016 10:30:20 -0000
Mailing-List: contact commits-help@tomee.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@tomee.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@tomee.apache.org>
List-Post: <mailto:commits@tomee.apache.org>
List-Id: <commits.tomee.apache.org>
Reply-To: dev@tomee.apache.org
Delivered-To: mailing list commits@tomee.apache.org
Received: (qmail 49621 invoked by uid 500); 7 Oct 2016 10:30:20 -0000
Delivered-To: apmail-openejb-commits@openejb.apache.org
Received: (qmail 49611 invoked by uid 99); 7 Oct 2016 10:30:20 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Oct 2016 10:30:20 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id A23702C0D54
	for <commits@openejb.apache.org>; Fri,  7 Oct 2016 10:30:20 +0000 (UTC)
Date: Fri, 7 Oct 2016 10:30:20 +0000 (UTC)
From: "Magesh (JIRA)" <jira@apache.org>
To: commits@openejb.apache.org
Message-ID: <JIRA.13010418.1475836207000.762201.1475836220661@Atlassian.JIRA>
In-Reply-To: <JIRA.13010418.1475836207000@Atlassian.JIRA>
References: <JIRA.13010418.1475836207000@Atlassian.JIRA> <JIRA.13010418.1475836207846@arcas>
Subject: [jira] [Created] (TOMEE-1955) Security Permission "setPolicy"
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Fri, 07 Oct 2016 10:30:22 -0000

Magesh created TOMEE-1955:
-----------------------------

             Summary: Security Permission "setPolicy"
                 Key: TOMEE-1955
                 URL: https://issues.apache.org/jira/browse/TOMEE-1955
             Project: TomEE
          Issue Type: Bug
    Affects Versions: 7.0.0-M1
         Environment: Tomcat 8.0.36
            Reporter: Magesh


Hi,
 We are using tomee 7.0.0-M1 plugin war in our Tomcat 8 server for EJB application deployment.

We are not facing any issue if we start the tomcat server normally and all our EJB applications are getting deployed properly.

If we start the tomcat server with security mode enabled -security, while accessing some modules in our application we are getting the below exception to add "setPolicy" security permission in policy file.

permission java.security.SecurityPermission "setPolicy";

Log:
---------------------------------------------------------------------------------------------------
org.apache.openejb.core.ThreadContext.enter ThreadContextListener threw an exception
 java.security.AccessControlException: access denied ("java.security.SecurityPermission" "setPolicy")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
	at java.security.AccessController.checkPermission(AccessController.java:884)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at javax.security.jacc.PolicyContext.setContextID(PolicyContext.java:49)
	at org.apache.openejb.core.security.AbstractSecurityService.contextEntered(AbstractSecurityService.java:148)
	at org.apache.openejb.core.ThreadContext.enter(ThreadContext.java:60)
	at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:169)
	at org.apache.openejb.core.ivm.EjbObjectProxyHandler.synchronizedBusinessMethod(EjbObjectProxyHandler.java:265)
	at org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:260)
	at org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:89)
	at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:319)
----------------------------------------------------------------------------------------------------
But as per our policy they wont provide this permission. Could you please let us know whether this issue is fixed.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)