[ https://issues.apache.org/jira/browse/TOMEE-1956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15554899#comment-15554899 ]

Romain Manni-Bucau commented on TOMEE-1956:
-------------------------------------------

This is still needed on 7.0.1 and coming 2. This is a required permission to 
use security with EJB (for JAAS).

> Security Permission "doAsPrivileged"
> ------------------------------------
>
>                 Key: TOMEE-1956
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1956
>             Project: TomEE
>          Issue Type: Bug
>    Affects Versions: 7.0.0-M1
>         Environment: Tomcat 8.0.36
>            Reporter: Magesh
>              Labels: security
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Hi,
>  We are using the TomEE 7.0.0-M1 plugin WAR in our Tomcat 8 server for EJB 
> application deployment.
> We are not facing any issue if we start the Tomcat server normally, and all 
> our EJB applications are getting deployed properly.
> If we start the Tomcat server with security mode enabled (-security), while 
> accessing some modules in our application we are getting the below exception, 
> asking us to add the "doAsPrivileged" security permission to the policy file.
> permission javax.security.auth.AuthPermission "doAsPrivileged";
> Log:
>  
> ---------------------------------------------------------------------------------------------------
>       org.apache.openejb.core.ThreadContext.enter ThreadContextListener threw an exception
>  java.security.AccessControlException: access denied ("javax.security.auth.AuthPermission" "doAsPrivileged")
>       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>       at java.security.AccessController.checkPermission(AccessController.java:884)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>       at javax.security.auth.Subject.doAsPrivileged(Subject.java:467)
>       at org.apache.openejb.core.security.AbstractSecurityService$SecurityContext.<init>(AbstractSecurityService.java:408)
>       at org.apache.openejb.core.security.AbstractSecurityService.contextEntered(AbstractSecurityService.java:167)
>       at org.apache.openejb.core.ThreadContext.enter(ThreadContext.java:60)
>       at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:169)
>       at org.apache.openejb.core.ivm.EjbHomeProxyHandler.create(EjbHomeProxyHandler.java:343)
>       at org.apache.openejb.core.ivm.EjbHomeProxyHandler._invoke(EjbHomeProxyHandler.java:196)
>       at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:319)
>       at com.sun.proxy.$Proxy51.create(Unknown Source)
>       at org.apache.openejb.core.ivm.naming.BusinessLocalReference.getObject(BusinessLocalReference.java:36)
>       at org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:175)
>       at org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:291)
>       at org.apache.naming.NamingContext.lookup(NamingContext.java:829)
>       at org.apache.naming.NamingContext.lookup(NamingContext.java:166)
>       at org.apache.naming.SelectorContext.lookup(SelectorContext.java:157)
>       at javax.naming.InitialContext.lookup(InitialContext.java:417)
>  
> ----------------------------------------------------------------------------------------------------
>  But as per our policy they won't provide this permission. Could you please 
> let us know whether this issue is fixed?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
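
For reviewing denials like the one quoted above, the following added example (not part of the original message and not TomEE code) extracts each `AccessControlException` from a log, renders the matching policy-file `permission` line, and reports the first non-JDK class in the trace so a reviewer can see which code triggered the check. The sample log is constructed: its first entry is abridged from the trace above and its second entry (`com.example.Constructed`, `/tmp/constructed.txt`) is invented for illustration.

```python
import re

# Constructed sample: the denial from the report above (abridged, with the
# mail-style line wrapping kept), plus an invented FilePermission denial.
SAMPLE_LOG = '''\
 java.security.AccessControlException: access denied
("javax.security.auth.AuthPermission" "doAsPrivileged")
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
      at javax.security.auth.Subject.doAsPrivileged(Subject.java:467)
      at
org.apache.openejb.core.security.AbstractSecurityService.contextEntered(AbstractSecurityService.java:167)
java.security.AccessControlException: access denied ("java.io.FilePermission" "/tmp/constructed.txt" "read")
      at java.io.FileInputStream.<init>(FileInputStream.java:138)
      at com.example.Constructed.load(Constructed.java:10)
'''

# Message format: access denied ("<permission class>" "<name>" ["<actions>"])
DENIAL = re.compile(r'access denied\s+\("([^"]+)"\s+"([^"]*)"(?:\s+"([^"]*)")?\)')
# A stack frame; \s+ lets "at" and the frame sit on separate (wrapped) lines.
FRAME = re.compile(r'\bat\s+([\w.$]+)\.[\w$<>]+\(')
JDK_PREFIXES = ("java.", "javax.", "sun.", "com.sun.", "jdk.")


def denied_permissions(log_text):
    """Return one dict per denial: the policy line that would grant it and the
    first non-JDK class in its trace (the code that triggered the check)."""
    results = []
    matches = list(DENIAL.finditer(log_text))
    for i, m in enumerate(matches):
        perm_class, name, actions = m.groups()
        line = f'permission {perm_class} "{name}"'
        if actions:
            line += f', "{actions}"'
        line += ";"
        # Frames for this denial run up to the next denial or the end of the log.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(log_text)
        classes = FRAME.findall(log_text[m.end():end])
        caller = next((c for c in classes if not c.startswith(JDK_PREFIXES)), None)
        results.append({"policy_line": line, "first_non_jdk_class": caller})
    return results


if __name__ == "__main__":
    for entry in denied_permissions(SAMPLE_LOG):
        print(entry["policy_line"], "<-", entry["first_non_jdk_class"])
```
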
