[
https://issues.apache.org/jira/browse/TOMEE-1956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard Zowalla resolved TOMEE-1956.
------------------------------------
Resolution: Auto Closed
Hi there!
We wanted to reach out and let you know that we're currently working on
cleaning up open issues in Jira that specifically impact unsupported versions,
including 1.7.x, 7.0.x, and 7.1.x.
If you had previously reported this issue on one of these unsupported versions,
we kindly ask you to check if the problem still persists and can be reproduced
on a supported version such as 8.0.x or 9.0.x. If you find that it is indeed
reproducible on a supported version, you're more than welcome to re-open this
issue.
Thanks!
> Security Permission "doAsPrivileged"
> ------------------------------------
>
> Key: TOMEE-1956
> URL: https://issues.apache.org/jira/browse/TOMEE-1956
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 7.0.0-M1
> Environment: Tomcat 8.0.36
> Reporter: Magesh
> Priority: Major
> Labels: security
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Hi,
> We are using tomee 7.0.0-M1 plugin war in our Tomcat 8 server for EJB
> application deployment.
> We are not facing any issue if we start the tomcat server normally and all
> our EJB applications are getting deployed properly.
> If we start the tomcat server with security mode enabled -security, while
> accessing some modules in our application we are getting the below exception
> to add "doAsPrivileged" security permission in policy file.
> permission javax.security.auth.AuthPermission "doAsPrivileged";
> Log:
>
> ---------------------------------------------------------------------------------------------------
> org.apache.openejb.core.ThreadContext.enter ThreadContextListener threw
> an exception
> java.security.AccessControlException: access denied
> ("javax.security.auth.AuthPermission" "doAsPrivileged")
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> at
> java.security.AccessController.checkPermission(AccessController.java:884)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:467)
> at
> org.apache.openejb.core.security.AbstractSecurityService$SecurityContext.<init>(AbstractSecurityService.java:408)
> at
> org.apache.openejb.core.security.AbstractSecurityService.contextEntered(AbstractSecurityService.java:167)
> at org.apache.openejb.core.ThreadContext.enter(ThreadContext.java:60)
> at
> org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:169)
> at
> org.apache.openejb.core.ivm.EjbHomeProxyHandler.create(EjbHomeProxyHandler.java:343)
> at
> org.apache.openejb.core.ivm.EjbHomeProxyHandler._invoke(EjbHomeProxyHandler.java:196)
> at
> org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:319)
> at com.sun.proxy.$Proxy51.create(Unknown Source)
> at
> org.apache.openejb.core.ivm.naming.BusinessLocalReference.getObject(BusinessLocalReference.java:36)
> at
> org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:175)
> at
> org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:291)
> at org.apache.naming.NamingContext.lookup(NamingContext.java:829)
> at org.apache.naming.NamingContext.lookup(NamingContext.java:166)
> at org.apache.naming.SelectorContext.lookup(SelectorContext.java:157)
> at javax.naming.InitialContext.lookup(InitialContext.java:417)
>
> ----------------------------------------------------------------------------------------------------
> But as per our policy they wont provide this permission. Could you please
> let us know whether this issue is fixed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
