[
https://issues.apache.org/jira/browse/TOMEE-2013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard Zowalla resolved TOMEE-2013.
------------------------------------
Resolution: Auto Closed
Hi there!
We wanted to reach out and let you know that we're currently working on
cleaning up open issues in Jira that specifically impact unsupported versions,
including 1.7.x, 7.0.x, and 7.1.x.
If you had previously reported this issue on one of these unsupported versions,
we kindly ask you to check if the problem still persists and can be reproduced
on a supported version such as 8.0.x or 9.0.x. If you find that it is indeed
reproducible on a supported version, you're more than welcome to re-open this
issue.
Thanks!
> Java PropertyPermisssion
> ------------------------
>
> Key: TOMEE-2013
> URL: https://issues.apache.org/jira/browse/TOMEE-2013
> Project: TomEE
> Issue Type: Bug
> Components: TomEE Core Server
> Affects Versions: 7.0.2
> Reporter: Magesh
> Priority: Major
> Labels: security
> Attachments: Logger.java, Security_Permissions_openejb.txt,
> openejb-core-7.0.2.jar, tomee.patch
>
>
> Hi,
> We are using TOMEE server (apache-tomee-plus-7.0.2) to deploy our
> applications which uses EJBs. When we run the server with security mode
> enabled, applications are not getting deployed without the below permission.
> permission java.util.PropertyPermission "*", "read,write";
> We did some changes to the openejb-core-7.0.2.jar file in the classes
> org.apache.openejb.core.transaction.EjbTransactionUtil,
> org.apache.openejb.core.transaction.JtaTransactionPolicy
> After the changes were made the following specific permissions were required.
> permission java.util.PropertyPermission
> "javax.persistence.transactionType", "read";
> permission java.util.PropertyPermission
> "javax.persistence.schema-generation.database.action", "read";
> permission java.util.PropertyPermission
> "javax.persistence.schema-generation.scripts.action", "read";
> permission java.util.PropertyPermission
> "javax.persistence.jdbc.user", "read";
> permission java.util.PropertyPermission
> "javax.persistence.jdbc.password", "read";
> permission java.util.PropertyPermission
> "javax.persistence.jtaDataSource", "read";
> permission java.util.PropertyPermission
> "javax.persistence.nonJtaDataSource", "read";
> permission java.util.PropertyPermission
> "javax.persistence.lock.timeout", "read";
> permission java.util.PropertyPermission
> "javax.persistence.query.timeout", "read";
> permission java.util.PropertyPermission
> "javax.persistence.schema-generation.connection", "read";
> permission java.util.PropertyPermission
> "javax.persistence.sql-load-script-source", "read";
> permission java.util.PropertyPermission
> "org.eclipse.persistence.querymonitor", "read";
> Will this be addressed in the future release or else the permissions are
> required.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
