John,

Thanks for the update -- I appreciate you looking into this.

Ross



From:   "Jonathan Gallimore" <jonathan.gallim...@gmail.com>
To:     users@tomee.apache.org, 
Date:   08/20/2018 05:53 AM
Subject:        Re: EAR deployment



So I can explain a bit about what's going on here - everything goes ok with
the security manager switched on, up until the point where we pass through
OpenEJB's security service, at which point we do this:

        final String moduleID = newContext.getBeanContext().getModuleID();
        JavaSecurityManagers.setContextID(moduleID);

This sets a JACC security context which is then used to evaluate
permissions, which appears to reject the permission required (in this case
java.lang.RuntimePermission / setContextClassLoader).  Further research,
and hazy memory of other conversations make me think that there are some
gaps in JACC in TomEE (
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vSG93LWNhbi1JLWVuYWJsZS1KQUNDLWluLVRvbUVFLXRwNDY3MzExM3A0Njc5NzQ2Lmh0bWw%3D&_s=ZXJpZTE%3D&_c=0f754806
).
It strikes me that we should be able to get this to work. It'll need a bit
more research on my part, however, so bear with me. Thoughts and discussion
are welcome.

Jon

On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:

> Thanks, that's useful.
>
> Jon
>
> On Mon, Aug 13, 2018 at 3:15 PM, <rco...@e1b.org> wrote:
>
>> Security policy is very simple right now:
>>
>> grant {
>>     permission java.security.AllPermission;
>> };
>>
>> Thanks!
>> Ross
>>
>>
>>
>> From:   "Jonathan Gallimore" <jonathan.gallim...@gmail.com>
>> To:     users@tomee.apache.org,
>> Date:   08/10/2018 12:54 PM
>> Subject:        Re: EAR deployment
>>
>>
>>
>> It didn't, sorry. I still want to work on it and should have time next
>> week. Are you able to share your security manager policy to help me debug
>> it through?
>>
>> Jon
>>
>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ross.cohen...@gmail.com> wrote:
>>
>> > Any chance this got fixed in 7.0.5?  My hopes aren't too high, and I already
>> > have an ugly work-around, but still ...
>> >
>> > Ross
>
>

