[jira] [Closed] (TOMEE-1955) Security Permission "setPolicy"

Romain Manni-Bucau (JIRA) Fri, 07 Oct 2016 04:58:03 -0700

     [ 
https://issues.apache.org/jira/browse/TOMEE-1955?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Romain Manni-Bucau closed TOMEE-1955.
-------------------------------------
    Resolution: Duplicate

Please don't open the same issue with different names N times.

> Security Permission "setPolicy"
> -------------------------------
>
>                 Key: TOMEE-1955
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1955
>             Project: TomEE
>          Issue Type: Bug
>    Affects Versions: 7.0.0-M1
>         Environment: Tomcat 8.0.36
>            Reporter: Magesh
>              Labels: security
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Hi,
>  We are using tomee 7.0.0-M1 plugin war in our Tomcat 8 server for EJB 
> application deployment.
> We are not facing any issue if we start the tomcat server normally and all 
> our EJB applications are getting deployed properly.
> If we start the tomcat server with security mode enabled -security, while 
> accessing some modules in our application we are getting the below exception 
> to add "setPolicy" security permission in policy file.
> permission java.security.SecurityPermission "setPolicy";
> Log:
> ---------------------------------------------------------------------------------------------------
> org.apache.openejb.core.ThreadContext.enter ThreadContextListener threw an 
> exception
>  java.security.AccessControlException: access denied 
> ("java.security.SecurityPermission" "setPolicy")
>       at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>       at 
> java.security.AccessController.checkPermission(AccessController.java:884)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>       at javax.security.jacc.PolicyContext.setContextID(PolicyContext.java:49)
>       at 
> org.apache.openejb.core.security.AbstractSecurityService.contextEntered(AbstractSecurityService.java:148)
>       at org.apache.openejb.core.ThreadContext.enter(ThreadContext.java:60)
>       at 
> org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:169)
>       at 
> org.apache.openejb.core.ivm.EjbObjectProxyHandler.synchronizedBusinessMethod(EjbObjectProxyHandler.java:265)
>       at 
> org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:260)
>       at 
> org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:89)
>       at 
> org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:319)
> ----------------------------------------------------------------------------------------------------
> But as per our policy they wont provide this permission. Could you please let 
> us know whether this issue is fixed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (TOMEE-1955) Security Permission "setPolicy"

Reply via email to