[ https://issues.apache.org/jira/browse/TOMEE-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Zowalla resolved TOMEE-2014.
------------------------------------
    Resolution: Auto Closed

Hi there!

We wanted to reach out and let you know that we're currently working on 
cleaning up open issues in Jira that specifically impact unsupported versions, 
including 1.7.x, 7.0.x, and 7.1.x.

If you had previously reported this issue on one of these unsupported versions, 
we kindly ask you to check if the problem still persists and can be reproduced 
on a supported version such as 8.0.x or 9.0.x. If you find that it is indeed 
reproducible on a supported version, you're more than welcome to re-open this 
issue.

Thanks!


> Security Permission for setPolicy
> ---------------------------------
>
>                 Key: TOMEE-2014
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2014
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 7.0.2
>            Reporter: Magesh
>            Priority: Major
>         Attachments: AbstractSecurityService.java, openejb-core.patch, tomee-catalina.patch, tomee1.patch, tomee2.patch
>
>
> Hi,
>   We deployed our application that uses EJB in TomEE Server 
> (apache-tomee-plus-7.0.2) with security mode enabled. We are getting the 
> exception to add the below permission in the catalina.policy file.
> permission java.security.SecurityPermission "setPolicy";
> Log:
>   java.security.AccessControlException: access denied ("java.security.SecurityPermission" "setPolicy")
>       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>       at java.security.AccessController.checkPermission(AccessController.java:884)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>       at javax.security.jacc.PolicyContext.setContextID(PolicyContext.java:49)
>       at org.apache.openejb.core.security.AbstractSecurityService.contextEntered(AbstractSecurityService.java:153)
>       at org.apache.openejb.core.ThreadContext.enter(ThreadContext.java:60)
>       at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:169)
>       at org.apache.openejb.core.ivm.EjbObjectProxyHandler.synchronizedBusinessMethod(EjbObjectProxyHandler.java:265)
>       at org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:260)
>       at org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:89)
>       at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:347)
>       at com.sun.proxy.$Proxy79.getVersionPhases(Unknown Source)
>       at biaccounting.presentation.servlet.InitServlet.initReferenceLists(InitServlet.java:141)
>       at biaccounting.presentation.servlet.InitServlet.init(InitServlet.java:54)
>       at javax.servlet.GenericServlet.init(GenericServlet.java:158)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:497)
> To fix this, we commented out the below lines in the class 
> AbstractSecurityService.java (please find attached):
> PolicyContext.setContextID(moduleID); --> Line#138
> PolicyContext.setContextID(null); --> Line#175
> PolicyContext.setContextID(reenteredContext.getBeanContext().getModuleID()); --> Line#177
> We have done this as a temporary fix from our end. Please let us know whether 
> this will be fixed in the future release. Please let us know your comment on 
> this one.
> Thanks & Regards,
> Magesh M



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
