[ https://issues.apache.org/jira/browse/TOMEE-1954?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15554952#comment-15554952 ]
Magesh commented on TOMEE-1954:
-------------------------------
Are you saying that the below permissions are needed for tomee plugin
deployment?

grant codeBase "file:${catalina.base}/webapps/tomee/-" {
    permission java.security.AllPermission;
};

permission java.security.SecurityPermission "setPolicy";
permission javax.security.auth.AuthPermission "doAsPrivileged";

> Tomee 7.0.0-M1 drop in war not getting deployed in Security mode in Tomcat
> --------------------------------------------------------------------------
>
> Key: TOMEE-1954
> URL: https://issues.apache.org/jira/browse/TOMEE-1954
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 7.0.0-M1
> Environment: Tomcat 8.0.36
> Reporter: Magesh
> Labels: security
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Hi,
> We are using tomee 7.0.0-M1 plugin war in our Tomcat 8 server for EJB
> application deployment.
> We are not facing any issue if we start the tomcat server normally and all
> our EJB applications are getting deployed properly.
> If we start the tomcat server with security mode enabled -security, tomee is
> getting deployed only if we provide all permissions in catalina.policy file
> to tomee application.
> grant codeBase "file:${catalina.base}/webapps/tomee/-" {
>     permission java.security.AllPermission;
> };
> Log:
> 07-Oct-2016 13:08:01.658 INFO [localhost-startStop-1]
> org.apache.openejb.util.OptionsLog.info Using
> 'openejb.jdbc.datasource-creator=org.apache.tomee.jdbc.TomEEDataSourceCreator'
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init>
> ********************************************************************************
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init> OpenEJB http://tomee.apache.org/
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init> Startup: Fri Oct 07 13:08:01 IST
> 2016
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init> Copyright 1999-2015 (C) Apache
> OpenEJB Project, All Rights Reserved.
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init> Version: 7.0.0-M1
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init> Build date: 20151205
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init> Build time: 09:53
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init>
> ********************************************************************************
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init> openejb.home = C:\Tomcat8.0.36
> 07-Oct-2016 13:08:01.815 INFO [localhost-startStop-1]
> org.apache.openejb.OpenEJB$Instance.<init> openejb.base = C:\Tomcat8.0.36
> 07-Oct-2016 13:08:01.830 INFO [localhost-startStop-1]
> org.apache.openejb.cdi.CdiBuilder.initializeOWB Created new singletonService
> org.apache.openejb.cdi.ThreadSingletonServiceImpl@2486d2b7
> 07-Oct-2016 13:08:01.830 INFO [localhost-startStop-1]
> org.apache.openejb.cdi.CdiBuilder.initializeOWB Succeeded in installing
> singleton service
> 07-Oct-2016 13:08:01.862 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigUtils.searchForConfiguration Cannot find the
> configuration file [conf/openejb.xml]. Creating one at
> C:\Tomcat8.0.36\conf\openejb.xml
> 07-Oct-2016 13:08:01.877 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.init openejb configuration
> file is 'C:\Tomcat8.0.36\conf\openejb.xml'
> 07-Oct-2016 13:08:01.924 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=Tomcat Security Service, type=SecurityService, provider-id=Tomcat
> Security Service)
> 07-Oct-2016 13:08:01.940 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=Default Transaction Manager, type=TransactionManager,
> provider-id=Default Transaction Manager)
> 07-Oct-2016 13:08:01.940 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=My DataSource, type=Resource, provider-id=Default JDBC Database)
> 07-Oct-2016 13:08:01.940 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=My Unmanaged DataSource, type=Resource, provider-id=Default JDBC
> Database)
> 07-Oct-2016 13:08:01.940 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=My Singleton Container, type=Container, provider-id=Default
> Singleton Container)
> 07-Oct-2016 13:08:01.940 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=My Stateful Container, type=Container, provider-id=Default
> Stateful Container)
> 07-Oct-2016 13:08:01.940 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=My Stateless Container, type=Container, provider-id=Default
> Stateless Container)
> 07-Oct-2016 13:08:01.955 WARNING [localhost-startStop-1]
> org.apache.openejb.config.DeploymentsResolver.loadFrom File error:
> <Deployments dir="apps/"> - Does not exist: C:\Tomcat8.0.36\apps
> 07-Oct-2016 13:08:01.955 INFO [localhost-startStop-1]
> org.apache.openejb.util.OptionsLog.info Using
> 'openejb.deployments.classpath=false'
> 07-Oct-2016 13:08:01.955 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createRecipe Creating
> TransactionManager(id=Default Transaction Manager)
> 07-Oct-2016 13:08:02.033 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createRecipe Creating
> SecurityService(id=Tomcat Security Service)
> 07-Oct-2016 13:08:02.049 INFO [localhost-startStop-1]
> org.apache.openejb.util.OptionsLog.info Using
> 'javax.security.jacc.policy.provider=sun.security.provider.PolicyFile'
> 07-Oct-2016 13:08:02.096 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createRecipe Creating
> Resource(id=My DataSource)
> 07-Oct-2016 13:08:02.658 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createRecipe Creating
> Resource(id=My Unmanaged DataSource)
> 07-Oct-2016 13:08:02.705 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createRecipe Creating
> Container(id=My Singleton Container)
> 07-Oct-2016 13:08:02.736 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createRecipe Creating
> Container(id=My Stateful Container)
> 07-Oct-2016 13:08:02.783 INFO [localhost-startStop-1]
> org.apache.openejb.core.stateful.SimplePassivater.init Using directory
> C:\Tomcat8.0.36\temp for stateful session passivation
> 07-Oct-2016 13:08:02.846 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createRecipe Creating
> Container(id=My Stateless Container)
> 07-Oct-2016 13:08:02.908 INFO [localhost-startStop-1]
> org.apache.tomee.catalina.OpenEJBNamingContextListener.bindResource Importing
> a Tomcat Resource with id 'UserDatabase' of type
> 'org.apache.catalina.UserDatabase'.
> 07-Oct-2016 13:08:02.908 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createRecipe Creating
> Resource(id=UserDatabase)
> 07-Oct-2016 13:08:02.955 INFO [localhost-startStop-1]
> org.apache.openejb.server.ServiceManager.initServer Creating
> ServerService(id=cxf-rs)
> 07-Oct-2016 13:08:03.236 INFO [localhost-startStop-1]
> org.apache.openejb.server.SimpleServiceManager.start ** Bound Services **
> 07-Oct-2016 13:08:03.236 INFO [localhost-startStop-1]
> org.apache.openejb.server.SimpleServiceManager.printRow NAME IP PORT
> 07-Oct-2016 13:08:03.236 INFO [localhost-startStop-1]
> org.apache.openejb.server.SimpleServiceManager.start -------
> 07-Oct-2016 13:08:03.236 INFO [localhost-startStop-1]
> org.apache.openejb.server.SimpleServiceManager.start Ready!
> 07-Oct-2016 13:08:03.268 INFO [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployWAR Deployment of web
> application archive C:\Tomcat8.0.36\webapps\tomee.war has finished in 3,703 ms
> 07-Oct-2016 13:08:03.268 INFO [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
> application directory C:\Tomcat8.0.36\webapps\ROOT
> 07-Oct-2016 13:08:03.268 INFO [localhost-startStop-1]
> org.apache.tomee.catalina.TomcatWebAppBuilder.init -------------------------
> localhost -> /
> 07-Oct-2016 13:08:03.455 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureApplication
> Configuring enterprise application: C:\Tomcat8.0.36\webapps\ROOT
> 07-Oct-2016 13:08:03.518 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=comp/DefaultManagedExecutorService, type=Resource,
> provider-id=Default Executor Service)
> 07-Oct-2016 13:08:03.518 INFO [localhost-startStop-1]
> org.apache.openejb.config.AutoConfig.logAutoCreateResource Auto-creating a
> Resource with id 'comp/DefaultManagedExecutorService' of type
> 'javax.enterprise.concurrent.ManagedExecutorService for ''.
> 07-Oct-2016 13:08:03.518 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=comp/DefaultManagedScheduledExecutorService, type=Resource,
> provider-id=Default Scheduled Executor Service)
> 07-Oct-2016 13:08:03.518 INFO [localhost-startStop-1]
> org.apache.openejb.config.AutoConfig.logAutoCreateResource Auto-creating a
> Resource with id 'comp/DefaultManagedScheduledExecutorService' of type
> 'javax.enterprise.concurrent.ManagedScheduledExecutorService for ''.
> 07-Oct-2016 13:08:03.533 INFO [localhost-startStop-1]
> org.apache.openejb.config.ConfigurationFactory.configureService Configuring
> Service(id=comp/DefaultManagedThreadFactory, type=Resource,
> provider-id=Default Managed Thread Factory)
> 07-Oct-2016 13:08:03.533 INFO [localhost-startStop-1]
> org.apache.openejb.config.AutoConfig.logAutoCreateResource Auto-creating a
> Resource with id 'comp/DefaultManagedThreadFactory' of type
> 'javax.enterprise.concurrent.ManagedThreadFactory for ''.
> 07-Oct-2016 13:08:03.549 INFO [localhost-startStop-1]
> org.apache.openejb.config.AppInfoBuilder.build Enterprise application
> "C:\Tomcat8.0.36\webapps\ROOT" loaded.
> 07-Oct-2016 13:08:03.565 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createApplication Assembling
> app: C:\Tomcat8.0.36\webapps\ROOT
> 07-Oct-2016 13:08:03.705 INFO [localhost-startStop-1]
> org.apache.openejb.assembler.classic.Assembler.createApplication Deployed
> Application(path=C:\Tomcat8.0.36\webapps\ROOT)
> 07-Oct-2016 13:08:03.783 INFO [localhost-startStop-1]
> org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned
> for TLDs yet contained no TLDs. Enable debug logging for this logger for a
> complete list of JARs that were scanned but no TLDs were found in them.
> Skipping unneeded JARs during scanning can improve startup time and JSP
> compilation time.
> 07-Oct-2016 13:08:03.861 INFO [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
> application directory C:\Tomcat8.0.36\webapps\ROOT has finished in 593 ms
> 07-Oct-2016 13:08:03.861 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["http-nio-8080"]
> 07-Oct-2016 13:08:03.877 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["ajp-nio-8009"]
> 07-Oct-2016 13:08:03.877 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 4944 ms
> Without the all permission, tomee war is not getting deployed. But as per our
> policy they won't provide all permissions.
> Could you please let us know whether tomee will work only if we provide all
> permissions in tomcat with -security mode enabled?