John, Thanks for the update -- I appreciate you looking into this.
Ross

From: "Jonathan Gallimore" <jonathan.gallim...@gmail.com>
To: users@tomee.apache.org,
Date: 08/20/2018 05:53 AM
Subject: Re: EAR deployment

So I can explain a bit about what's going on here - everything goes ok with the security manager switched on, up until the point where we pass through OpenEJB's security service, at which point we do this:

    final String moduleID = newContext.getBeanContext().getModuleID();
    JavaSecurityManagers.setContextID(moduleID);

This sets a JACC security context which is then used to evaluate permissions, which appears to reject the permission required (in this case java.lang.RuntimePermission / setContextClassLoader).

Further research, and hazy memory of other conversations make me think that there are some gaps in JACC in TomEE ( https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vSG93LWNhbi1JLWVuYWJsZS1KQUNDLWluLVRvbUVFLXRwNDY3MzExM3A0Njc5NzQ2Lmh0bWw%3D&_s=ZXJpZTE%3D&_c=0f754806 ).

It strikes me that we should be able to get this to work. It'll need a bit more research on my part, however, so bear with me. Thoughts and discussion are welcome.

Jon

On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <jonathan.gallim...@gmail.com> wrote:

> Thanks, that's useful.
>
> Jon
>
> On Mon, Aug 13, 2018 at 3:15 PM, <rco...@e1b.org> wrote:
>
>> Security policy is very simple right now:
>>
>> grant {
>>     permission java.security.AllPermission;
>> };
>>
>> Thanks!
>> Ross
>>
>> From: "Jonathan Gallimore" <jonathan.gallim...@gmail.com>
>> To: users@tomee.apache.org,
>> Date: 08/10/2018 12:54 PM
>> Subject: Re: EAR deployment
>>
>> It didn't, sorry. I still want to work on it and should have time next
>> week. Are you able to share your security manager policy to help me debug
>> it through?
>>
>> Jon
>>
>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ross.cohen...@gmail.com> wrote:
>>
>> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I already
>> > have an ugly work-around, but still ...
>> >
>> > Ross