I'll take a look - will be early next week before I can get to it. Jon
On Fri, Jun 29, 2018 at 3:50 PM, Romain Manni-Bucau <rmannibu...@gmail.com> wrote: > ears probably not (but you are not that numerous anymore ;)) but with a > security manager is more the criteria here IMHO. > > Romain Manni-Bucau > @rmannibucau <https://twitter.com/rmannibucau> | Blog > <https://rmannibucau.metawerx.net/> | Old Blog > <http://rmannibucau.wordpress.com> | Github <https://github.com/ > rmannibucau> | > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book > <https://www.packtpub.com/application-development/java- > ee-8-high-performance> > > > Le ven. 29 juin 2018 à 16:44, <rco...@e1b.org> a écrit : > > > Not terribly familiar with Git, but I assume you asking me to submit a > > pull request that points to a fix? The short answer is "no". I would > > love to see this fixed, but right now I don't have the time to grok git > > (we use svn), set up a build environment for Tomee, pickup maven (we use > > ant+ivy), and figure out the actual bug. If I have to, I will --- but > > only God knows how long it will be before I can make the time to do these > > things. > > > > But this raises a question: am I really the last person still deploying > > EARs?! Really??? > > > > Thanks for your prompt help -- you guys are amazing! > > Ross > > > > > > > > > > > > From: "Romain Manni-Bucau" <rmannibu...@gmail.com> > > To: users@tomee.apache.org, > > Date: 06/28/2018 04:03 PM > > Subject: Re: EAR deployment > > > > > > > > I see > > > > Then it is just a bug and we miss a wrapping to be SM compliant in that > > part of the code. > > > > Do you want to submit a PR to fix it? > > > > Le jeu. 28 juin 2018 19:37, <rco...@e1b.org> a écrit : > > > > > Couldn't find it in the summary. Of course, its there as a VM > > argument, > > > but I expect that. After digging around a bit more I found it in the > > > MXBeans: java.lang -> Runtime -> Attributes. > > > > > > Every thing there is set as it is in the file: ie > > > java.security.policy=C:\IBM\liferay\tomee\conf\catalina.policy > > > java.security.manager=<no value> > > > > > > -- both of which I would expect. > > > > > > Note that I have not tried chang <Deployments dir="apps" /> in > > tomee.xml. > > > Maybe that needs chaning -- though what I have seem really close to > > > working. > > > > > > Just occurred to me that I never included my full VM args: > > > > > > -Dcatalina.base="C:\IBM\liferay\tomee" > > > -Dcatalina.home="C:\IBM\liferay\tomee" > > > -Dwtp.deploy="C:\IBM\liferay\tomee\webapps" > > > -Djava.endorsed.dirs="C:\IBM\liferay\tomee\endorsed" > > > -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true > > > > > > > -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_ > CLEAR_REFERENCES=false > > > > > > > > > -Duser.timezone=EST > > > -Djava.security.manager > > > -Djava.security.policy="C:\IBM\liferay\tomee\conf\catalina.policy" > > > > > -Djava.security.auth.login.config="C:\IBM\liferay\tomee\ > conf\jaas.config" > > > -Dwnyric.deployment.properties.directory.path="C:\IBM\liferay" > > > -Xmx2048m > > > > > > > > > Thanks, > > > Ross > > > > > > > > > > > > > > > > > > From: "Romain Manni-Bucau" <rmannibu...@gmail.com> > > > To: users@tomee.apache.org, > > > Date: 06/28/2018 11:20 AM > > > Subject: Re: EAR deployment > > > > > > > > > > > > I think you can check it in the JVM info in system properties (VM > > Summary) > > > > > > Romain Manni-Bucau > > > @rmannibucau < > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3 > > > > > > | Blog > > > < > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2 > > > > > > | Old Blog > > > < > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b > > > > > > | Github < > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9 > > > > > > | > > > LinkedIn < > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s= > ZXJpZTE%3D&_c=aff046f7 > > > > > > | Book > > > < > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3Bt > ZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4 > > > > > > > > > > > > > > > Le jeu. 28 juin 2018 à 17:19, <rco...@e1b.org> a écrit : > > > > > > > So: > > > > > > > > 1. With the security manager disabled, the ear deploys fine, ejb's > > > > instantitiate, initialize, etc -- no errors at all! > > > > > > > > 2. I connected to the running jvm with jmx, and poked around for a > > > while, > > > > but could not find where it specified the policy file Tomcat was > > using. > > > > Can I get a hint as to where this info is? > > > > > > > > Thanks, > > > > Ross > > > > > > > > > > > > > > > > From: "Romain Manni-Bucau" <rmannibu...@gmail.com> > > > > To: users@tomee.apache.org, > > > > Date: 06/27/2018 04:54 PM > > > > Subject: Re: EAR deployment > > > > > > > > > > > > > > > > Hi > > > > > > > > can you confirm it works without the security manager enabled? > > > > > > > > Also can you check connecting on the JVM through JMX that the right > > > policy > > > > file is used and tomcat didn't override the one you thought using? > > > > > > > > Romain Manni-Bucau > > > > @rmannibucau < > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3 > > > > > > > > > > | Blog > > > > < > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2 > > > > > > > > > > | Old Blog > > > > < > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b > > > > > > > > > > | Github < > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9 > > > > > > > > > > | > > > > LinkedIn < > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s= > ZXJpZTE%3D&_c=aff046f7 > > > > > > > > > > | Book > > > > < > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/urlproxy.php?_q= > aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3Bt > ZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4 > > > > > > > > > > > > > > > > > > > > > > Le mer. 27 juin 2018 à 19:12, <rco...@e1b.org> a écrit : > > > > > > > > > I'm running 7.0.4. I have been deploying to webapps (<Deployments > > > > > dir="apps" /> remains commented). > > > > > > > > > > Ross > > > > > > > > > > > > > > > > > > > > From: "Jonathan Gallimore" <jonathan.gallim...@gmail.com> > > > > > To: users@tomee.apache.org, > > > > > Date: 06/27/2018 12:22 PM > > > > > Subject: Re: EAR deployment > > > > > > > > > > > > > > > > > > > > Hi > > > > > > > > > > What version of TomEE are you running? > > > > > > > > > > Are you deploying your EAR from webapps, or from apps with > > > <Deployments > > > > > dir="apps" /> added in tomee.xml? > > > > > > > > > > Regards > > > > > > > > > > Jon > > > > > > > > > > On Wed, Jun 27, 2018 at 5:15 PM, <rco...@e1b.org> wrote: > > > > > > > > > > > I seem unable to deploy EARs. I have set the catalina.policy > > to: > > > > > > grant { > > > > > > permission java.security.AllPermission; > > > > > > }; > > > > > > > > > > > > I have set the work directory to "work" (and at deploy see the > > > > exploded > > > > > > EAR there). > > > > > > > > > > > > Also I have set deployOnStartup to false, autoDeploy to true, and > > > > > > unpackWARs to true. > > > > > > > > > > > > On deploy, at first matters look promising. It unpacks, > > > initializes > > > > my > > > > > > EJBs, then I get single AccessContorlException > > (RuntimePermistion), > > > > > > followed by an infinitely repeating (every 5 seconds or so) > access > > > > > control > > > > > > exception (FilePermission). > > > > > > > > > > > > > > > > > > INFO: Created Ejb(deployment-id=CloseEventsBean, > > > > > > ejb-name=CloseEventsBean, > > > > > > container=Default Singleton Container) > > > > > > Jun 26, 2018 11:41:40 AM > > > > org.apache.openejb.assembler.classic.Assembler > > > > > > startEjbs > > > > > > INFO: Created Ejb(deployment-id=ManagerReminderBean, > > > > > > ejb-name=ManagerReminderBean, container=Default Singleton > > Container) > > > > > > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl > > invoke > > > > > > SEVERE: Exception invoking periodic operation: > > > > > > java.security.AccessControlException: access denied > > > > > > ("java.lang.RuntimePermission" "setContextClassLoader") > > > > > > at > > > > > > java.security.AccessControlContext.checkPermission( > > > > > > AccessControlContext.java:472) > > > > > > at > > > > > > > > > > > > > > > > > > > > java.security.AccessController.checkPermission( > AccessController.java:884) > > > > > > at > > > > > > > > java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > > > > > > at > > java.lang.Thread.setContextClassLoader(Thread.java:1474) > > > > > > at > > > > > > > > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94) > > > > > > at > > > > > > > > > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105) > > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.openejb.util.JuliLogStream.isWarnEnabled( > JuliLogStream.java:61) > > > > > > at > > > > > > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425) > > > > > > at org.apache.openejb.util.Logger.warning(Logger.java: > 646) > > > > > > at > > > > > > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost( > > > > > > TomcatWebAppBuilder.java:2233) > > > > > > at > > > > > > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent( > > > > > > GlobalListenerSupport.java:141) > > > > > > at > > > > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent( > > > > > > LifecycleBase.java:94) > > > > > > at > > > > > > org.apache.catalina.core.ContainerBase.backgroundProcess( > > > > > > ContainerBase.java:1164) > > > > > > at > > > > > > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor. > > > > > > processChildren(ContainerBase.java:1388) > > > > > > at > > > > > > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor. > > > > > > processChildren(ContainerBase.java:1392) > > > > > > at > > > > > > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor. > > > > > > run(ContainerBase.java:1360) > > > > > > at java.lang.Thread.run(Thread.java:748) > > > > > > > > > > > > > > > > > > > > > > > > Below is the repeating exception. > > > > > > > > > > > > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl > > invoke > > > > > > SEVERE: Exception invoking periodic operation: > > > > > > java.security.AccessControlException: access denied > > > > > > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ > ROOT.war" > > > > > "read") > > > > > > at > > > > > > java.security.AccessControlContext.checkPermission( > > > > > > AccessControlContext.java:472) > > > > > > at > > > > > > > > > > > > > > > > > > > > java.security.AccessController.checkPermission( > AccessController.java:884) > > > > > > at > > > > > > > > java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > > > > > > at > > > > java.lang.SecurityManager.checkRead(SecurityManager.java:888) > > > > > > at java.io.File.exists(File.java:814) > > > > > > at > > > > > > org.apache.catalina.startup.HostConfig.checkResources( > > > > > > HostConfig.java:1296) > > > > > > at > > > > > > org.apache.catalina.startup.HostConfig.check(HostConfig. > java:1623) > > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.catalina.startup.HostConfig.lifecycleEvent( > HostConfig.java:314) > > > > > > at > > > > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent( > > > > > > LifecycleBase.java:94) > > > > > > at > > > > > > org.apache.catalina.core.ContainerBase.backgroundProcess( > > > > > > ContainerBase.java:1164) > > > > > > at > > > > > > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor. > > > > > > processChildren(ContainerBase.java:1388) > > > > > > at > > > > > > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor. > > > > > > processChildren(ContainerBase.java:1392) > > > > > > at > > > > > > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor. > > > > > > run(ContainerBase.java:1360) > > > > > > at java.lang.Thread.run(Thread.java:748) > > > > > > > > > > > > > > > > > > > > > > > > What am I missing? I can see that the exception implies > > additional > > > > > > permissions, but why doesn't my blanket grant of all permission > in > > > the > > > > > > catalina policy file cover this? > > > > > > > > > > > > Ross > > > > > > > > > > > > > > > > > > Confidentiality Notice: > > > > > > This electronic message and any attachments may contain > > confidential > > > > or > > > > > > privileged information, and is intended only for the individual > or > > > > > entity > > > > > > identified above as the addressee. If you are not the addressee > > (or > > > > the > > > > > > employee or agent responsible to deliver it to the addressee), or > > if > > > > > this > > > > > > message has been addressed to you in error, you are hereby > > notified > > > > that > > > > > > you may not copy, forward, disclose or use any part of this > > message > > > or > > > > > any > > > > > > attachments. Please notify the sender immediately by return > e-mail > > > or > > > > > > telephone and delete this message from your system. > > > > > > > > > > > > > > > > > > > > > -- > > > > > BEGIN-ANTISPAM-VOTING-LINKS > > > > > ------------------------------------------------------ > > > > > > > > > > Teach CanIt if this mail (ID 01W3QmO1O) is spam: > > > > > Spam: > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m= > 2bb7a21db8c9&t=20180627 > > > > > > > > > > > > > > > > > > > Not spam: > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m= > 2bb7a21db8c9&t=20180627 > > > > > > > > > > > > > > > > > > > Forget vote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m= > 2bb7a21db8c9&t=20180627 > > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > END-ANTISPAM-VOTING-LINKS > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Confidentiality Notice: > > > > > This electronic message and any attachments may contain > confidential > > > or > > > > > privileged information, and is intended only for the individual or > > > > entity > > > > > identified above as the addressee. If you are not the addressee (or > > > the > > > > > employee or agent responsible to deliver it to the addressee), or > if > > > > this > > > > > message has been addressed to you in error, you are hereby notified > > > that > > > > > you may not copy, forward, disclose or use any part of this message > > or > > > > any > > > > > attachments. Please notify the sender immediately by return e-mail > > or > > > > > telephone and delete this message from your system. > > > > > > > > > > > > > > > > > -- > > > > BEGIN-ANTISPAM-VOTING-LINKS > > > > ------------------------------------------------------ > > > > > > > > Teach CanIt if this mail (ID 05W3USVJt) is spam: > > > > Spam: > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/b.php?c=s&i=05W3USVJt&m= > 03c723824a9b&t=20180627 > > > > > > > > > > > > > Not spam: > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/b.php?c=n&i=05W3USVJt&m= > 03c723824a9b&t=20180627 > > > > > > > > > > > > > Forget vote: > > > > > > > > > > > > > > > > > > https://milton-web.wnyric.org/canit/b.php?c=f&i=05W3USVJt&m= > 03c723824a9b&t=20180627 > > > > > > > > > > > > > ------------------------------------------------------ > > > > END-ANTISPAM-VOTING-LINKS > > > > > > > > > > > > > > > > > > > > > > > > Confidentiality Notice: > > > > This electronic message and any attachments may contain confidential > > or > > > > privileged information, and is intended only for the individual or > > > entity > > > > identified above as the addressee. If you are not the addressee (or > > the > > > > employee or agent responsible to deliver it to the addressee), or if > > > this > > > > message has been addressed to you in error, you are hereby notified > > that > > > > you may not copy, forward, disclose or use any part of this message > or > > > any > > > > attachments. Please notify the sender immediately by return e-mail or > > > > telephone and delete this message from your system. > > > > > > > > > > > > > -- > > > BEGIN-ANTISPAM-VOTING-LINKS > > > ------------------------------------------------------ > > > > > > Teach CanIt if this mail (ID 02W4fkxqC) is spam: > > > Spam: > > > > > > > > > > https://milton-web.wnyric.org/canit/b.php?c=s&i=02W4fkxqC&m= > d2fb064f979c&t=20180628 > > > > > > > > Not spam: > > > > > > > > > > https://milton-web.wnyric.org/canit/b.php?c=n&i=02W4fkxqC&m= > d2fb064f979c&t=20180628 > > > > > > > > Forget vote: > > > > > > > > > > https://milton-web.wnyric.org/canit/b.php?c=f&i=02W4fkxqC&m= > d2fb064f979c&t=20180628 > > > > > > > > ------------------------------------------------------ > > > END-ANTISPAM-VOTING-LINKS > > > > > > > > > > > > > > > > > > Confidentiality Notice: > > > This electronic message and any attachments may contain confidential or > > > privileged information, and is intended only for the individual or > > entity > > > identified above as the addressee. If you are not the addressee (or the > > > employee or agent responsible to deliver it to the addressee), or if > > this > > > message has been addressed to you in error, you are hereby notified > that > > > you may not copy, forward, disclose or use any part of this message or > > any > > > attachments. Please notify the sender immediately by return e-mail or > > > telephone and delete this message from your system. > > > > > > > > > -- > > BEGIN-ANTISPAM-VOTING-LINKS > > ------------------------------------------------------ > > > > Teach CanIt if this mail (ID 05W4k3PHx) is spam: > > Spam: > > > > https://milton-web.wnyric.org/canit/b.php?c=s&i=05W4k3PHx&m= > 4665151ab5c3&t=20180628 > > > > Not spam: > > > > https://milton-web.wnyric.org/canit/b.php?c=n&i=05W4k3PHx&m= > 4665151ab5c3&t=20180628 > > > > Forget vote: > > > > https://milton-web.wnyric.org/canit/b.php?c=f&i=05W4k3PHx&m= > 4665151ab5c3&t=20180628 > > > > ------------------------------------------------------ > > END-ANTISPAM-VOTING-LINKS > > > > > > > > > > > > Confidentiality Notice: > > This electronic message and any attachments may contain confidential or > > privileged information, and is intended only for the individual or entity > > identified above as the addressee. If you are not the addressee (or the > > employee or agent responsible to deliver it to the addressee), or if this > > message has been addressed to you in error, you are hereby notified that > > you may not copy, forward, disclose or use any part of this message or > any > > attachments. Please notify the sender immediately by return e-mail or > > telephone and delete this message from your system. > > >
