I know it's been a while... I did just commit a patch for this issue: https://issues.apache.org/jira/browse/TOMEE-2532 and I'd be curious if this helps with this issue at all. I'll run my own test when I get a sec, but if you're able to give it a go, that would be awesome.

Jon

On Mon, Aug 20, 2018 at 10:53 AM Jonathan Gallimore <[email protected]> wrote:

> So I can explain a bit about what's going on here - everything goes ok
> with the security manager switched on, up until the point where we pass
> through OpenEJB's security service, at which point we do this:
>
>     final String moduleID = newContext.getBeanContext().getModuleID();
>     JavaSecurityManagers.setContextID(moduleID);
>
> This sets a JACC security context which is then used to evaluate
> permissions, which appears to reject the permission required (in this case
> java.lang.RuntimePermission / setContextClassLoader). Further research,
> and hazy memory of other conversations make me think that there are some
> gaps in JACC in TomEE
> (http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4679746.html).
> It strikes me that we should be able to get this to work. It'll need a bit
> more research on my part, however, so bear with me. Thoughts and discussion
> are welcome.
>
> Jon
>
> On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <[email protected]> wrote:
>
>> Thanks, that's useful.
>>
>> Jon
>>
>> On Mon, Aug 13, 2018 at 3:15 PM, <[email protected]> wrote:
>>
>>> Security policy is very simple right now:
>>>
>>>     grant {
>>>         permission java.security.AllPermission;
>>>     };
>>>
>>> Thanks!
>>> Ross
>>>
>>> From: "Jonathan Gallimore" <[email protected]>
>>> To: [email protected],
>>> Date: 08/10/2018 12:54 PM
>>> Subject: Re: EAR deployment
>>>
>>> It didn't, sorry. I still want to work on it and should have time next
>>> week. Are you able to share your security manager policy to help me debug
>>> it through?
>>>
>>> Jon
>>>
>>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <[email protected]> wrote:
>>>
>>> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
>>> > already have an ugly work-around, but still ...
>>> >
>>> > Ross
