[ https://issues.apache.org/jira/browse/TOMEE-1956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15554899#comment-15554899 ]
Romain Manni-Bucau commented on TOMEE-1956:
-------------------------------------------

This is still needed on 7.0.1 and coming 2. This is a required permission to use security with EJB (for JAAS).

> Security Permission "doAsPrivileged"
> ------------------------------------
>
> Key: TOMEE-1956
> URL: https://issues.apache.org/jira/browse/TOMEE-1956
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 7.0.0-M1
> Environment: Tomcat 8.0.36
> Reporter: Magesh
> Labels: security
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Hi,
> We are using TomEE 7.0.0-M1 plugin war in our Tomcat 8 server for EJB application deployment.
> We are not facing any issue if we start the Tomcat server normally and all our EJB applications are getting deployed properly.
> If we start the Tomcat server with security mode enabled -security, while accessing some modules in our application we are getting the below exception to add "doAsPrivileged" security permission in policy file.
> permission javax.security.auth.AuthPermission "doAsPrivileged";
> Log:
> ---------------------------------------------------------------------------------------------------
> org.apache.openejb.core.ThreadContext.enter ThreadContextListener threw an exception
> java.security.AccessControlException: access denied ("javax.security.auth.AuthPermission" "doAsPrivileged")
>     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>     at java.security.AccessController.checkPermission(AccessController.java:884)
>     at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:467)
>     at org.apache.openejb.core.security.AbstractSecurityService$SecurityContext.<init>(AbstractSecurityService.java:408)
>     at org.apache.openejb.core.security.AbstractSecurityService.contextEntered(AbstractSecurityService.java:167)
>     at org.apache.openejb.core.ThreadContext.enter(ThreadContext.java:60)
>     at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:169)
>     at org.apache.openejb.core.ivm.EjbHomeProxyHandler.create(EjbHomeProxyHandler.java:343)
>     at org.apache.openejb.core.ivm.EjbHomeProxyHandler._invoke(EjbHomeProxyHandler.java:196)
>     at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:319)
>     at com.sun.proxy.$Proxy51.create(Unknown Source)
>     at org.apache.openejb.core.ivm.naming.BusinessLocalReference.getObject(BusinessLocalReference.java:36)
>     at org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:175)
>     at org.apache.openejb.core.ivm.naming.IvmContext.lookup(IvmContext.java:291)
>     at org.apache.naming.NamingContext.lookup(NamingContext.java:829)
>     at org.apache.naming.NamingContext.lookup(NamingContext.java:166)
>     at org.apache.naming.SelectorContext.lookup(SelectorContext.java:157)
>     at javax.naming.InitialContext.lookup(InitialContext.java:417)
> ----------------------------------------------------------------------------------------------------
> But as per our policy they won't provide this permission. Could you please let us know whether this issue is fixed.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)