Hi! I've hit a an issue with newer java versions and an old OpenEJB v4.5.2. The issue is caused by the following change in the JRE:
security-libs/java.security *DomainCombiner will no longer consult runtime policy for static ProtectionDomain objects when combining ProtectionDomain objects* Applications which use static ProtectionDomain objects (created using the 2-arg constructor) with an insufficient set of permissions may now get an AccessControlException with this fix. They should either replace the static ProtectionDomain objects with dynamic ones (using the 4-arg constructor) whose permission set will be expanded by the current Policy or construct the static ProtectionDomain object with all the necessary permissions. JDK-8147771 (not public) So now we are getting "EJBAccessException: Unauthorized Access by Principal Denied" when trying to create an EJB because of that fix. Any idea how we can solve that issue (moving to a newer openejb is not an option) ? Best regards, Svetlin
