Posted to users@tomee.apache.org by "ross.cohen" <ro...@gmail.com> on 2018/08/10 14:23:04 UTC
Re: EAR deployment
Any chance this got fixed in 7.0.5? My hopes aren't too high, and I already
have an ugly work-around, but still ...
Ross
--
Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
Re: EAR deployment
Posted by "ross.cohen" <ro...@gmail.com>.
Actually, I could check this out in the nightly build -- assuming this change
will go into the nightly build?
If that is the case, I can check by the end of the week.
Ross
--
Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
Re: EAR deployment
Posted by "ross.cohen" <ro...@gmail.com>.
jgallimore wrote
> I know it's been a while... I did just commit a patch for this issue:
> https://issues.apache.org/jira/browse/TOMEE-2532 and I'd be curious if this
> helps with this issue at all. I'll run my own test when I get a sec, but if
> you're able to give it a go, that would be awesome.
>
> Jon
Whoa -- I figured this issue was forgotten. I promise to check this out in
7.1.1 -- I would check it out now, but unfortunately, I'm in the middle of
a migration, and still haven't had a chance to grok the TomEE build process
(never cared for Maven, and never had a pressing need to learn Git). Being
vaguely aware of how lame that sounds, I figure it's time to finally do
something about it -- if only so that I can be a bit of use here. The bad
news is I won't be able to spend any time on this until sometime in late June
(at the earliest). So if you can wait that long for me to get back to you, I
certainly will. Sorry for being such a toad -- especially after you guys
went the extra distance ...
Ross
--
Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
I know it's been a while... I did just commit a patch for this issue:
https://issues.apache.org/jira/browse/TOMEE-2532 and I'd be curious if this
helps with this issue at all. I'll run my own test when I get a sec, but if
you're able to give it a go, that would be awesome.
Jon
On Mon, Aug 20, 2018 at 10:53 AM Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:
> So I can explain a bit about what's going on here - everything goes ok
> with the security manager switched on, up until the point where we pass
> through OpenEJB's security service, at which point we do this:
>
> final String moduleID = newContext.getBeanContext().getModuleID();
> JavaSecurityManagers.setContextID(moduleID);
>
> This sets a JACC security context which is then used to evaluate
> permissions, which appears to reject the permission required (in this case
> java.lang.RuntimePermission / setContextClassLoader). Further research,
> and hazy memory of other conversations make me think that there are some
> gaps in JACC in TomEE (
> http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4679746.html).
> It strikes me that we should be able to get this to work. It'll need a bit
> more research on my part, however, so bear with me. Thoughts and discussion
> are welcome.
>
> Jon
>
> On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
> jonathan.gallimore@gmail.com> wrote:
>
>> Thanks, that's useful.
>>
>> Jon
>>
>> On Mon, Aug 13, 2018 at 3:15 PM, <rc...@e1b.org> wrote:
>>
>>> Security policy is very simple right now:
>>>
>>> grant {
>>> permission java.security.AllPermission;
>>> };
>>>
>>> Thanks!
>>> Ross
>>>
>>>
>>>
>>> From: "Jonathan Gallimore" <jo...@gmail.com>
>>> To: users@tomee.apache.org,
>>> Date: 08/10/2018 12:54 PM
>>> Subject: Re: EAR deployment
>>>
>>>
>>>
>>> It didn't, sorry. I still want to work on it and should have time next
>>> week. Are you able to share your security manager policy to help me debug
>>> it through?
>>>
>>> Jon
>>>
>>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
>>>
>>> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
>>> > already
>>> > have an ugly work-around, but still ...
>>> >
>>> > Ross
>>>
>>> Confidentiality Notice:
>>> This electronic message and any attachments may contain confidential or
>>> privileged information, and is intended only for the individual or
>>> entity
>>> identified above as the addressee. If you are not the addressee (or the
>>> employee or agent responsible to deliver it to the addressee), or if
>>> this
>>> message has been addressed to you in error, you are hereby notified that
>>> you may not copy, forward, disclose or use any part of this message or
>>> any
>>> attachments. Please notify the sender immediately by return e-mail or
>>> telephone and delete this message from your system.
>>>
>>
>>
>
Re: EAR deployment
Posted by rc...@e1b.org.
John,
Thanks for the update -- I appreciate you looking into this.
Ross
From: "Jonathan Gallimore" <jo...@gmail.com>
To: users@tomee.apache.org,
Date: 08/20/2018 05:53 AM
Subject: Re: EAR deployment
So I can explain a bit about what's going on here - everything goes ok with
the security manager switched on, up until the point where we pass through
OpenEJB's security service, at which point we do this:
final String moduleID = newContext.getBeanContext().getModuleID();
JavaSecurityManagers.setContextID(moduleID);
This sets a JACC security context which is then used to evaluate
permissions, which appears to reject the permission required (in this case
java.lang.RuntimePermission / setContextClassLoader). Further research,
and hazy memory of other conversations make me think that there are some
gaps in JACC in TomEE (
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vSG93LWNhbi1JLWVuYWJsZS1KQUNDLWluLVRvbUVFLXRwNDY3MzExM3A0Njc5NzQ2Lmh0bWw%3D&_s=ZXJpZTE%3D&_c=0f754806
).
It strikes me that we should be able to get this to work. It'll need a bit
more research on my part, however, so bear with me. Thoughts and discussion
are welcome.
Jon
On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:
> Thanks, that's useful.
>
> Jon
>
> On Mon, Aug 13, 2018 at 3:15 PM, <rc...@e1b.org> wrote:
>
>> Security policy is very simple right now:
>>
>> grant {
>> permission java.security.AllPermission;
>> };
>>
>> Thanks!
>> Ross
>>
>>
>>
>> From: "Jonathan Gallimore" <jo...@gmail.com>
>> To: users@tomee.apache.org,
>> Date: 08/10/2018 12:54 PM
>> Subject: Re: EAR deployment
>>
>>
>>
>> It didn't, sorry. I still want to work on it and should have time next
>> week. Are you able to share your security manager policy to help me debug
>> it through?
>>
>> Jon
>>
>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
>>
>> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
>> > already
>> > have an ugly work-around, but still ...
>> >
>> > Ross
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
So I can explain a bit about what's going on here - everything goes ok with
the security manager switched on, up until the point where we pass through
OpenEJB's security service, at which point we do this:
final String moduleID = newContext.getBeanContext().getModuleID();
JavaSecurityManagers.setContextID(moduleID);
This sets a JACC security context which is then used to evaluate
permissions, which appears to reject the permission required (in this case
java.lang.RuntimePermission / setContextClassLoader). Further research,
and hazy memory of other conversations make me think that there are some
gaps in JACC in TomEE (
http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4679746.html).
It strikes me that we should be able to get this to work. It'll need a bit
more research on my part, however, so bear with me. Thoughts and discussion
are welcome.
Jon
On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:
> Thanks, that's useful.
>
> Jon
>
> On Mon, Aug 13, 2018 at 3:15 PM, <rc...@e1b.org> wrote:
>
>> Security policy is very simple right now:
>>
>> grant {
>> permission java.security.AllPermission;
>> };
>>
>> Thanks!
>> Ross
>>
>>
>>
>> From: "Jonathan Gallimore" <jo...@gmail.com>
>> To: users@tomee.apache.org,
>> Date: 08/10/2018 12:54 PM
>> Subject: Re: EAR deployment
>>
>>
>>
>> It didn't, sorry. I still want to work on it and should have time next
>> week. Are you able to share your security manager policy to help me debug
>> it through?
>>
>> Jon
>>
>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
>>
>> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
>> > already
>> > have an ugly work-around, but still ...
>> >
>> > Ross
>
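A simplified model of the failure mode described in the message above, added here as an illustration (not TomEE or OpenEJB code): a context-aware Policy that honours the posted `grant { AllPermission }` only while no context ID is set. The class names, the thread-local and the module ID `example-ejb-module` are hypothetical, and it assumes a JDK that still ships `java.security.Policy` (Java 8 to 17).

```java
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.Map;

/** Simplified model of a context-aware (JACC-style) Policy; hypothetical, not TomEE code. */
public class ContextPolicyDemo {
    // Stand-in for the per-thread JACC context ID that setContextID(moduleID) stores.
    static final ThreadLocal<String> CONTEXT_ID = new ThreadLocal<>();

    static class ContextAwarePolicy extends Policy {
        private final Map<String, Permissions> perContext = new HashMap<>();

        // Record the permissions that apply while the given context ID is active.
        void register(String contextId, Permission... granted) {
            Permissions p = new Permissions();
            for (Permission g : granted) {
                p.add(g);
            }
            perContext.put(contextId, p);
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            String id = CONTEXT_ID.get();
            if (id == null) {
                // No context set: models the posted policy file, which grants AllPermission.
                return new AllPermission().implies(permission);
            }
            // Context set: only permissions registered for that module are considered,
            // so anything missing from the per-module set is denied.
            Permissions p = perContext.get(id);
            return p != null && p.implies(permission);
        }
    }

    public static void main(String[] args) {
        ContextAwarePolicy policy = new ContextAwarePolicy();
        // Hypothetical module with one unrelated permission registered.
        policy.register("example-ejb-module", new RuntimePermission("getClassLoader"));

        ProtectionDomain pd = ContextPolicyDemo.class.getProtectionDomain();
        Permission needed = new RuntimePermission("setContextClassLoader");

        System.out.println("no context set:  " + policy.implies(pd, needed));
        CONTEXT_ID.set("example-ejb-module");
        try {
            System.out.println("context ID set:  " + policy.implies(pd, needed));
        } finally {
            CONTEXT_ID.remove(); // always clear the context when leaving the module
        }
    }
}
```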
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
Thanks, that's useful.
Jon
On Mon, Aug 13, 2018 at 3:15 PM, <rc...@e1b.org> wrote:
> Security policy is very simple right now:
>
> grant {
> permission java.security.AllPermission;
> };
>
> Thanks!
> Ross
>
>
>
> From: "Jonathan Gallimore" <jo...@gmail.com>
> To: users@tomee.apache.org,
> Date: 08/10/2018 12:54 PM
> Subject: Re: EAR deployment
>
>
>
> It didn't, sorry. I still want to work on it and should have time next
> week. Are you able to share your security manager policy to help me debug
> it through?
>
> Jon
>
> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
>
> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
> > already
> > have an ugly work-around, but still ...
> >
> > Ross
Re: EAR deployment
Posted by rc...@e1b.org.
Security policy is very simple right now:
grant {
    permission java.security.AllPermission;
};
Thanks!
Ross
From: "Jonathan Gallimore" <jo...@gmail.com>
To: users@tomee.apache.org,
Date: 08/10/2018 12:54 PM
Subject: Re: EAR deployment
It didn't, sorry. I still want to work on it and should have time next
week. Are you able to share your security manager policy to help me debug
it through?
Jon
On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
> Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
> already
> have an ugly work-around, but still ...
>
> Ross
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
It didn't, sorry. I still want to work on it and should have time next
week. Are you able to share your security manager policy to help me debug
it through?
Jon
On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
> Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
> already
> have an ugly work-around, but still ...
>
> Ross
>
>
>
> --
> Sent from:
> http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
>