Hello Gabriel, that's right, the overriding is not that obvious. Created https://issues.apache.org/jira/browse/TOMEE-1849
However basic jaccprovider should reuse system policy - ie catalina.policy - for several parts (check org.apache.openejb.core.security.jacc.BasicJaccProvider#systemPolicy usages typically). If you are able to share a test with us reproducing this issue (using arquillian for instance) we can surely even make it smoother. Side note: you are not supposed to use SecurityServiceImpl but Tomcat version. That said the behavior you described was in the parent so still applies. Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://blog-rmannibucau.rhcloud.com> | Old Wordpress Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber <http://www.tomitribe.com> | JavaEE Factory <https://javaeefactory-rmannibucau.rhcloud.com> 2016-06-22 8:14 GMT+02:00 Gabriel Buades <[email protected]>: > Hello all. > > I've been working with JBoss for 13 years, but now I've started playing > with Tomee. From my point of view, it's a greate product, but I've found a > problem I don't know how to deal with. > > I've launched Tomee with ClassLoader security enabled ( catalina.sh run > -security ), and I need to grant special FileSystem permissions to a single > EJB, but catalina.policy file is ignored as BasicJaacProvider applies its > default security policy, overriding catalina.policy settings. > > I've tried to create a new JaacProvider, but the system > property org.apache.openejb.core.security.JaccProvider is overwritten by > SecurityServiceImpl. > > Maybe I am missing something. Is there any way to grant special java > permissions to a EJB bean, or EJB package ? > > Thanks a lot. >
