Hi, Trust you are able to assist.
We are using a Tomcat version 8.0.36 but however as we also have few applications hosted in EJB, we went ahead in utilizing the TOMEE WAR on our Tomcat server to provide the required container for EJB deployments. Now, when the tomcat server is started in secure mode, there are few permissions as highlighted below that seem to be mandatory for successful TOMEE WAR deployment. ü grant codeBase "file:${catalina.base}/webapps/tomee/-" {permission java.security.AllPermission;}; ü permission java.security.SecurityPermission "setPolicy"; ü permission javax.security.auth.AuthPermission "doAsPrivileged"; Providing the above highlighted permission is not approved by our Infrastructure team citing security risks. The questions we have are: Ø Are we really compromising security in any way when we provide the highlighted permission?? Ø Considering TOMEE is also an Apache product, do you recommend providing ALL permissions for TOMEE?? Ø Are there any other alternatives or recommendations to make the TOMEE war deployment successful without providing the above said permissions?? Thank You for the support & advice... Many Thanks, AJITH RAJAN Senior Delivery Manager | Global Technology Solutions | BI WORLDWIDE INDIA d 91.44.4480 9402 | m 91.99625 18508 BI WORLDWIDE Australia | Canada | China | India | LATAM | UK | US www.biworldwide.com<http://www.biworldwide.com/> [cid:image001.jpg@01D1D0B0.FCC70D20]<http://blog.biworldwide.co.in/> This e-mail message is being sent solely for use by the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by phone or reply by e-mail, delete the original message and destroy all copies. Thank you.