Yes, this is what I mentionned. I don't have a ready to use policy file but this one likely doesn't allow much. What is surprising is you don't have an error in the logs?
Depending your level of confidence you can debug tomee here https://github.com/apache/tomee/blob/master/container/openejb-core/src/main/java/org/apache/openejb/config/AnnotationDeployer.java#L5707 My suspicion is the scanning doesn't have access to the classes to scan. Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://blog-rmannibucau.rhcloud.com> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory <https://javaeefactory-rmannibucau.rhcloud.com> 2016-12-07 9:56 GMT+01:00 Nisala Niroshana Nanayakkara < nisalanirosh...@gmail.com>: > Hi Romain, > > Thanks for the quick response. I have given all permission in the policy > file. But it did not work. When I enabled the security logs, > I observed that classes inside WEB-INF/classes has given the read > permission also. But the endpoints are not working. If I packed those > classes into a jar and put it to WEB-INF/lib. Please find the policy code > segment below. Please go through it and let me know if there any problems. > > grant { > permission java.net.SocketPermission "*:1-65535", "connect,resolve"; > permission java.util.PropertyPermission "http.proxyHost", "read"; > permission java.util.PropertyPermission "http.nonProxyHosts", "read"; > permission java.util.PropertyPermission "adb.converterutil", "read"; > permission java.lang.RuntimePermission "setContextClassLoader"; > permission java.lang.management.ManagementPermission "control"; > permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; > permission javax.management.MBeanServerPermission "*"; > permission javax.management.MBeanPermission "*", "*"; > permission java.lang.RuntimePermission "accessDeclaredMembers"; > permission java.util.PropertyPermission "*", "read"; > permission java.util.PropertyPermission "*", "read,write"; > permission java.lang.RuntimePermission "getenv.*"; > permission java.lang.RuntimePermission "getClassLoader"; > permission java.lang.RuntimePermission > "accessClassInPackage.org.apache.catalina.loader"; > }; > > Thanks, > Nisala > > On Wed, Dec 7, 2016 at 2:15 PM, Romain Manni-Bucau <rmannibu...@gmail.com> > wrote: > > > hi > > > > did you configure the security manager policy? If not maybe start from > > giving it AllPermission to check it works and then try to configure it to > > ensure openejb and cxf can do their work. > > > > > > Romain Manni-Bucau > > @rmannibucau <https://twitter.com/rmannibucau> | Blog > > <https://blog-rmannibucau.rhcloud.com> | Old Blog > > <http://rmannibucau.wordpress.com> | Github <https://github.com/ > > rmannibucau> | > > LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory > > <https://javaeefactory-rmannibucau.rhcloud.com> > > > > 2016-12-07 9:43 GMT+01:00 Nisala Niroshana Nanayakkara < > > nisalanirosh...@gmail.com>: > > > > > Hi, > > > > > > I am trying to deploy javaee web app which contains some classes inside > > the > > > WEB-INF/classes directory. These classes exposes some JAX-RS enpoints. > > Once > > > I enabled the java security manager, those endpoints are not working > > (404 - > > > Not found error). It was working as expected when I disabled the java > > > security manager. I tried to pack these classes inside WEB-INF/classes > > > directory into a jar and put it in the WEB-INF/lib directory. Then the > > > above mentioned issue is resolved and working as expected. Is there any > > > special configuration to resolve this issue ? Can you provide your kind > > > input about this matter. > > > > > > Thanks, > > > Nisala > > > > > > -- > > > > > > *Best Regards,Nisala Niroshana Nanayakkara,* > > > *Bsc. Eng Undergraduate | Department of Computer Science & Engineering > | > > > University of Moratuwa | Sri Lanka* > > > *Director | Leo Club of University of Moratuwa.* > > > > > > *Mobile | +94717600022* > > > > > > > > > -- > > *Best Regards,Nisala Niroshana Nanayakkara,* > *Bsc. Eng Undergraduate | Department of Computer Science & Engineering | > University of Moratuwa | Sri Lanka* > *Director | Leo Club of University of Moratuwa.* > > *Mobile | +94717600022* >
