You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by rc...@e1b.org on 2018/06/27 16:15:18 UTC
EAR deployment
I seem unable to deploy EARs. I have set the catalina.policy to:
grant {
permission java.security.AllPermission;
};
I have set the work directory to "work" (and at deploy see the exploded
EAR there).
Also I have set deployOnStartup to false, autoDeploy to true, and
unpackWARs to true.
On deploy, at first matters look promising. It unpacks, initializes my
EJBs, then I get single AccessContorlException (RuntimePermistion),
followed by an infinitely repeating (every 5 seconds or so) access control
exception (FilePermission).
INFO: Created Ejb(deployment-id=CloseEventsBean, ejb-name=CloseEventsBean,
container=Default Singleton Container)
Jun 26, 2018 11:41:40 AM org.apache.openejb.assembler.classic.Assembler
startEjbs
INFO: Created Ejb(deployment-id=ManagerReminderBean,
ejb-name=ManagerReminderBean, container=Default Singleton Container)
Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl invoke
SEVERE: Exception invoking periodic operation:
java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "setContextClassLoader")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Thread.setContextClassLoader(Thread.java:1474)
at
org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
at
org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
at
org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
at
org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
at org.apache.openejb.util.Logger.warning(Logger.java:646)
at
org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(TomcatWebAppBuilder.java:2233)
at
org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(GlobalListenerSupport.java:141)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:94)
at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1164)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1388)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1392)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1360)
at java.lang.Thread.run(Thread.java:748)
Below is the repeating exception.
Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl invoke
SEVERE: Exception invoking periodic operation:
java.security.AccessControlException: access denied
("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war" "read")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at java.io.File.exists(File.java:814)
at
org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1296)
at
org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:94)
at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1164)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1388)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1392)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1360)
at java.lang.Thread.run(Thread.java:748)
What am I missing? I can see that the exception implies additional
permissions, but why doesn't my blanket grant of all permission in the
catalina policy file cover this?
Ross
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
Re: EAR deployment
Posted by "ross.cohen" <ro...@gmail.com>.
Actually, I could check this out in the nightly build -- assuming this change
will go into the nightly build?
If that is the case, I can check by the end of the week.
Ross
--
Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
Re: EAR deployment
Posted by "ross.cohen" <ro...@gmail.com>.
jgallimore wrote
> I know its been a while... I did just commit a patch for this issue:
> https://issues.apache.org/jira/browse/TOMEE-2532 and I'd be curious if
> this
> helps with this issue at all. I'll run my own test when I get a sec, but
> if
> you're able to give it a go, that would be awesome.
>
> Jon
Whoa -- I figured this issue was forgotten. I promise to check this out in
7.1.1 -- I would check it out now, but unfortunately, I'm in the middle of
a migration, and still haven't had a chance to grok the Tomee build process
(never cared for Maven, and never had a pressing need to learn Git). Being
vaguely aware of how lame that sounds, I figure it's time to finally do
something about it -- if only so that I can be a bit of use here. The bad
news I won't be able to spend any time on this until sometime in late June
(at the earliest). So if you can wait that long for me to get back you, I
certainly will. Sorry for being such a toad -- especially after you guys
went the extra distance ...
Ross
--
Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
I know its been a while... I did just commit a patch for this issue:
https://issues.apache.org/jira/browse/TOMEE-2532 and I'd be curious if this
helps with this issue at all. I'll run my own test when I get a sec, but if
you're able to give it a go, that would be awesome.
Jon
On Mon, Aug 20, 2018 at 10:53 AM Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:
> So I can explain a bit about what's going on here - everything goes ok
> with the security manager switched on, up until the point where we pass
> through OpenEJB's security service, at which point we do this:
>
> final String moduleID = newContext.getBeanContext().getModuleID();
> JavaSecurityManagers.setContextID(moduleID);
>
> This sets a JACC security context which is then used to evaluate
> permissions, which appears to reject the permission required (in this case
> java.lang.RuntimePermission / setContextClassLoader). Further research,
> and hazy memory of other conversations make me think that there are some
> gaps in JACC in TomEE (
> http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4679746.html).
> It strikes me that we should be able to get this to work. It'll need a bit
> more research on my part, however, so bear with me. Thoughts and discussion
> are welcome.
>
> Jon
>
> On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
> jonathan.gallimore@gmail.com> wrote:
>
>> Thanks, that's useful.
>>
>> Jon
>>
>> On Mon, Aug 13, 2018 at 3:15 PM, <rc...@e1b.org> wrote:
>>
>>> Security policy is very simple right now:
>>>
>>> grant {
>>> permission java.security.AllPermission;
>>> };
>>>
>>> Thanks!
>>> Ross
>>>
>>>
>>>
>>> From: "Jonathan Gallimore" <jo...@gmail.com>
>>> To: users@tomee.apache.org,
>>> Date: 08/10/2018 12:54 PM
>>> Subject: Re: EAR deployment
>>>
>>>
>>>
>>> It didn't, sorry. I still want to work on it and should have time next
>>> week. Are you able to share your security manager policy to help me debug
>>> it through?
>>>
>>> Jon
>>>
>>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
>>>
>>> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
>>> > already
>>> > have an ugly work-around, but still ...
>>> >
>>> > Ross
>>> >
>>> >
>>> >
>>> > --
>>> > Sent from:
>>> >
>>>
>>> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vVG9tRUUtVXNlcnMtZjk3OTQ0MS5odG1s&_s=ZXJpZTE%3D&_c=37b3c580
>>>
>>> >
>>>
>>>
>>> --
>>> BEGIN-ANTISPAM-VOTING-LINKS
>>> ------------------------------------------------------
>>>
>>> Teach CanIt if this mail (ID 02WlsSioE) is spam:
>>> Spam:
>>>
>>> https://milton-web.wnyric.org/canit/b.php?c=s&i=02WlsSioE&m=9b4a3eadf679&t=20180810
>>>
>>> Not spam:
>>>
>>> https://milton-web.wnyric.org/canit/b.php?c=n&i=02WlsSioE&m=9b4a3eadf679&t=20180810
>>>
>>> Forget vote:
>>>
>>> https://milton-web.wnyric.org/canit/b.php?c=f&i=02WlsSioE&m=9b4a3eadf679&t=20180810
>>>
>>> ------------------------------------------------------
>>> END-ANTISPAM-VOTING-LINKS
>>>
>>>
>>>
>>>
>>>
>>> Confidentiality Notice:
>>> This electronic message and any attachments may contain confidential or
>>> privileged information, and is intended only for the individual or
>>> entity
>>> identified above as the addressee. If you are not the addressee (or the
>>> employee or agent responsible to deliver it to the addressee), or if
>>> this
>>> message has been addressed to you in error, you are hereby notified that
>>> you may not copy, forward, disclose or use any part of this message or
>>> any
>>> attachments. Please notify the sender immediately by return e-mail or
>>> telephone and delete this message from your system.
>>>
>>
>>
>
Re: EAR deployment
Posted by rc...@e1b.org.
John,
Thanks for the update -- I appreciate you looking into this.
Ross
From: "Jonathan Gallimore" <jo...@gmail.com>
To: users@tomee.apache.org,
Date: 08/20/2018 05:53 AM
Subject: Re: EAR deployment
So I can explain a bit about what's going on here - everything goes ok
with
the security manager switched on, up until the point where we pass through
OpenEJB's security service, at which point we do this:
final String moduleID = newContext.getBeanContext().getModuleID();
JavaSecurityManagers.setContextID(moduleID);
This sets a JACC security context which is then used to evaluate
permissions, which appears to reject the permission required (in this case
java.lang.RuntimePermission / setContextClassLoader). Further research,
and hazy memory of other conversations make me think that there are some
gaps in JACC in TomEE (
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vSG93LWNhbi1JLWVuYWJsZS1KQUNDLWluLVRvbUVFLXRwNDY3MzExM3A0Njc5NzQ2Lmh0bWw%3D&_s=ZXJpZTE%3D&_c=0f754806
).
It strikes me that we should be able to get this to work. It'll need a bit
more research on my part, however, so bear with me. Thoughts and
discussion
are welcome.
Jon
On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:
> Thanks, that's useful.
>
> Jon
>
> On Mon, Aug 13, 2018 at 3:15 PM, <rc...@e1b.org> wrote:
>
>> Security policy is very simple right now:
>>
>> grant {
>> permission java.security.AllPermission;
>> };
>>
>> Thanks!
>> Ross
>>
>>
>>
>> From: "Jonathan Gallimore" <jo...@gmail.com>
>> To: users@tomee.apache.org,
>> Date: 08/10/2018 12:54 PM
>> Subject: Re: EAR deployment
>>
>>
>>
>> It didn't, sorry. I still want to work on it and should have time next
>> week. Are you able to share your security manager policy to help me
debug
>> it through?
>>
>> Jon
>>
>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
>>
>> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
>> > already
>> > have an ugly work-around, but still ...
>> >
>> > Ross
>> >
>> >
>> >
>> > --
>> > Sent from:
>> >
>> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDov
>> L3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vVG9tRUUtVXNl
>> cnMtZjk3OTQ0MS5odG1s&_s=ZXJpZTE%3D&_c=37b3c580
>>
>> >
>>
>>
>> --
>> BEGIN-ANTISPAM-VOTING-LINKS
>> ------------------------------------------------------
>>
>> Teach CanIt if this mail (ID 02WlsSioE) is spam:
>> Spam:
>> https://milton-web.wnyric.org/canit/b.php?c=s&i=02WlsSioE&m=
>> 9b4a3eadf679&t=20180810
>>
>> Not spam:
>> https://milton-web.wnyric.org/canit/b.php?c=n&i=02WlsSioE&m=
>> 9b4a3eadf679&t=20180810
>>
>> Forget vote:
>> https://milton-web.wnyric.org/canit/b.php?c=f&i=02WlsSioE&m=
>> 9b4a3eadf679&t=20180810
>>
>> ------------------------------------------------------
>> END-ANTISPAM-VOTING-LINKS
>>
>>
>>
>>
>>
>> Confidentiality Notice:
>> This electronic message and any attachments may contain confidential or
>> privileged information, and is intended only for the individual or
entity
>> identified above as the addressee. If you are not the addressee (or the
>> employee or agent responsible to deliver it to the addressee), or if
this
>> message has been addressed to you in error, you are hereby notified
that
>> you may not copy, forward, disclose or use any part of this message or
>> any
>> attachments. Please notify the sender immediately by return e-mail or
>> telephone and delete this message from your system.
>>
>
>
--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
Teach CanIt if this mail (ID 04WplRxa3) is spam:
Spam:
https://milton-web.wnyric.org/canit/b.php?c=s&i=04WplRxa3&m=cae8652407e2&t=20180820
Not spam:
https://milton-web.wnyric.org/canit/b.php?c=n&i=04WplRxa3&m=cae8652407e2&t=20180820
Forget vote:
https://milton-web.wnyric.org/canit/b.php?c=f&i=04WplRxa3&m=cae8652407e2&t=20180820
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
So I can explain a bit about what's going on here - everything goes ok with
the security manager switched on, up until the point where we pass through
OpenEJB's security service, at which point we do this:
final String moduleID = newContext.getBeanContext().getModuleID();
JavaSecurityManagers.setContextID(moduleID);
This sets a JACC security context which is then used to evaluate
permissions, which appears to reject the permission required (in this case
java.lang.RuntimePermission / setContextClassLoader). Further research,
and hazy memory of other conversations make me think that there are some
gaps in JACC in TomEE (
http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4679746.html).
It strikes me that we should be able to get this to work. It'll need a bit
more research on my part, however, so bear with me. Thoughts and discussion
are welcome.
Jon
On Tue, Aug 14, 2018 at 4:00 PM, Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:
> Thanks, that's useful.
>
> Jon
>
> On Mon, Aug 13, 2018 at 3:15 PM, <rc...@e1b.org> wrote:
>
>> Security policy is very simple right now:
>>
>> grant {
>> permission java.security.AllPermission;
>> };
>>
>> Thanks!
>> Ross
>>
>>
>>
>> From: "Jonathan Gallimore" <jo...@gmail.com>
>> To: users@tomee.apache.org,
>> Date: 08/10/2018 12:54 PM
>> Subject: Re: EAR deployment
>>
>>
>>
>> It didn't, sorry. I still want to work on it and should have time next
>> week. Are you able to share your security manager policy to help me debug
>> it through?
>>
>> Jon
>>
>> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
>>
>> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
>> > already
>> > have an ugly work-around, but still ...
>> >
>> > Ross
>> >
>> >
>> >
>> > --
>> > Sent from:
>> >
>> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDov
>> L3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vVG9tRUUtVXNl
>> cnMtZjk3OTQ0MS5odG1s&_s=ZXJpZTE%3D&_c=37b3c580
>>
>> >
>>
>>
>> --
>> BEGIN-ANTISPAM-VOTING-LINKS
>> ------------------------------------------------------
>>
>> Teach CanIt if this mail (ID 02WlsSioE) is spam:
>> Spam:
>> https://milton-web.wnyric.org/canit/b.php?c=s&i=02WlsSioE&m=
>> 9b4a3eadf679&t=20180810
>>
>> Not spam:
>> https://milton-web.wnyric.org/canit/b.php?c=n&i=02WlsSioE&m=
>> 9b4a3eadf679&t=20180810
>>
>> Forget vote:
>> https://milton-web.wnyric.org/canit/b.php?c=f&i=02WlsSioE&m=
>> 9b4a3eadf679&t=20180810
>>
>> ------------------------------------------------------
>> END-ANTISPAM-VOTING-LINKS
>>
>>
>>
>>
>>
>> Confidentiality Notice:
>> This electronic message and any attachments may contain confidential or
>> privileged information, and is intended only for the individual or entity
>> identified above as the addressee. If you are not the addressee (or the
>> employee or agent responsible to deliver it to the addressee), or if this
>> message has been addressed to you in error, you are hereby notified that
>> you may not copy, forward, disclose or use any part of this message or
>> any
>> attachments. Please notify the sender immediately by return e-mail or
>> telephone and delete this message from your system.
>>
>
>
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
Thanks, that's useful.
Jon
On Mon, Aug 13, 2018 at 3:15 PM, <rc...@e1b.org> wrote:
> Security policy is very simple right now:
>
> grant {
> permission java.security.AllPermission;
> };
>
> Thanks!
> Ross
>
>
>
> From: "Jonathan Gallimore" <jo...@gmail.com>
> To: users@tomee.apache.org,
> Date: 08/10/2018 12:54 PM
> Subject: Re: EAR deployment
>
>
>
> It didn't, sorry. I still want to work on it and should have time next
> week. Are you able to share your security manager policy to help me debug
> it through?
>
> Jon
>
> On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
>
> > Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
> > already
> > have an ugly work-around, but still ...
> >
> > Ross
> >
> >
> >
> > --
> > Sent from:
> >
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cDovL3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vVG9t
> RUUtVXNlcnMtZjk3OTQ0MS5odG1s&_s=ZXJpZTE%3D&_c=37b3c580
>
> >
>
>
> --
> BEGIN-ANTISPAM-VOTING-LINKS
> ------------------------------------------------------
>
> Teach CanIt if this mail (ID 02WlsSioE) is spam:
> Spam:
> https://milton-web.wnyric.org/canit/b.php?c=s&i=02WlsSioE&m=
> 9b4a3eadf679&t=20180810
>
> Not spam:
> https://milton-web.wnyric.org/canit/b.php?c=n&i=02WlsSioE&m=
> 9b4a3eadf679&t=20180810
>
> Forget vote:
> https://milton-web.wnyric.org/canit/b.php?c=f&i=02WlsSioE&m=
> 9b4a3eadf679&t=20180810
>
> ------------------------------------------------------
> END-ANTISPAM-VOTING-LINKS
>
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
Re: EAR deployment
Posted by rc...@e1b.org.
Security policy is very simple right now:
grant {
permission java.security.AllPermission;
};
Thanks!
Ross
From: "Jonathan Gallimore" <jo...@gmail.com>
To: users@tomee.apache.org,
Date: 08/10/2018 12:54 PM
Subject: Re: EAR deployment
It didn't, sorry. I still want to work on it and should have time next
week. Are you able to share your security manager policy to help me debug
it through?
Jon
On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
> Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
> already
> have an ugly work-around, but still ...
>
> Ross
>
>
>
> --
> Sent from:
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3RvbWVlLW9wZW5lamIuOTc5NDQwLm40Lm5hYmJsZS5jb20vVG9tRUUtVXNlcnMtZjk3OTQ0MS5odG1s&_s=ZXJpZTE%3D&_c=37b3c580
>
--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
Teach CanIt if this mail (ID 02WlsSioE) is spam:
Spam:
https://milton-web.wnyric.org/canit/b.php?c=s&i=02WlsSioE&m=9b4a3eadf679&t=20180810
Not spam:
https://milton-web.wnyric.org/canit/b.php?c=n&i=02WlsSioE&m=9b4a3eadf679&t=20180810
Forget vote:
https://milton-web.wnyric.org/canit/b.php?c=f&i=02WlsSioE&m=9b4a3eadf679&t=20180810
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
It didn't, sorry. I still want to work on it and should have time next
week. Are you able to share your security manager policy to help me debug
it through?
Jon
On Fri, 10 Aug 2018, 15:23 ross.cohen, <ro...@gmail.com> wrote:
> Any chance this got fixed in 7.0.5? My hopes aren't too high, and I
> already
> have an ugly work-around, but still ...
>
> Ross
>
>
>
> --
> Sent from:
> http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
>
Re: EAR deployment
Posted by "ross.cohen" <ro...@gmail.com>.
Any chance this got fixed in 7.0.5? My hopes aren't too high, and I already
have an ugly work-around, but still ...
Ross
--
Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
I'll take a look - will be early next week before I can get to it.
Jon
On Fri, Jun 29, 2018 at 3:50 PM, Romain Manni-Bucau <rm...@gmail.com>
wrote:
> ears probably not (but you are not that numerous anymore ;)) but with a
> security manager is more the criteria here IMHO.
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> | Blog
> <https://rmannibucau.metawerx.net/> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <https://github.com/
> rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> <https://www.packtpub.com/application-development/java-
> ee-8-high-performance>
>
>
> Le ven. 29 juin 2018 à 16:44, <rc...@e1b.org> a écrit :
>
> > Not terribly familiar with Git, but I assume you asking me to submit a
> > pull request that points to a fix? The short answer is "no". I would
> > love to see this fixed, but right now I don't have the time to grok git
> > (we use svn), set up a build environment for Tomee, pickup maven (we use
> > ant+ivy), and figure out the actual bug. If I have to, I will --- but
> > only God knows how long it will be before I can make the time to do these
> > things.
> >
> > But this raises a question: am I really the last person still deploying
> > EARs?! Really???
> >
> > Thanks for your prompt help -- you guys are amazing!
> > Ross
> >
> >
> >
> >
> >
> > From: "Romain Manni-Bucau" <rm...@gmail.com>
> > To: users@tomee.apache.org,
> > Date: 06/28/2018 04:03 PM
> > Subject: Re: EAR deployment
> >
> >
> >
> > I see
> >
> > Then it is just a bug and we miss a wrapping to be SM compliant in that
> > part of the code.
> >
> > Do you want to submit a PR to fix it?
> >
> > Le jeu. 28 juin 2018 19:37, <rc...@e1b.org> a écrit :
> >
> > > Couldn't find it in the summary. Of course, its there as a VM
> > argument,
> > > but I expect that. After digging around a bit more I found it in the
> > > MXBeans: java.lang -> Runtime -> Attributes.
> > >
> > > Every thing there is set as it is in the file: ie
> > > java.security.policy=C:\IBM\liferay\tomee\conf\catalina.policy
> > > java.security.manager=<no value>
> > >
> > > -- both of which I would expect.
> > >
> > > Note that I have not tried chang <Deployments dir="apps" /> in
> > tomee.xml.
> > > Maybe that needs chaning -- though what I have seem really close to
> > > working.
> > >
> > > Just occurred to me that I never included my full VM args:
> > >
> > > -Dcatalina.base="C:\IBM\liferay\tomee"
> > > -Dcatalina.home="C:\IBM\liferay\tomee"
> > > -Dwtp.deploy="C:\IBM\liferay\tomee\webapps"
> > > -Djava.endorsed.dirs="C:\IBM\liferay\tomee\endorsed"
> > > -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true
> > >
> >
> > -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_
> CLEAR_REFERENCES=false
> > >
> > >
> > > -Duser.timezone=EST
> > > -Djava.security.manager
> > > -Djava.security.policy="C:\IBM\liferay\tomee\conf\catalina.policy"
> > >
> > -Djava.security.auth.login.config="C:\IBM\liferay\tomee\
> conf\jaas.config"
> > > -Dwnyric.deployment.properties.directory.path="C:\IBM\liferay"
> > > -Xmx2048m
> > >
> > >
> > > Thanks,
> > > Ross
> > >
> > >
> > >
> > >
> > >
> > > From: "Romain Manni-Bucau" <rm...@gmail.com>
> > > To: users@tomee.apache.org,
> > > Date: 06/28/2018 11:20 AM
> > > Subject: Re: EAR deployment
> > >
> > >
> > >
> > > I think you can check it in the JVM info in system properties (VM
> > Summary)
> > >
> > > Romain Manni-Bucau
> > > @rmannibucau <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> >
> > > > | Blog
> > > <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> >
> > > > | Old Blog
> > > <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> >
> > > > | Github <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> >
> > > > |
> > > LinkedIn <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=
> ZXJpZTE%3D&_c=aff046f7
> >
> > > > | Book
> > > <
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3Bt
> ZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
> >
> > > >
> > >
> > >
> > > Le jeu. 28 juin 2018 à 17:19, <rc...@e1b.org> a écrit :
> > >
> > > > So:
> > > >
> > > > 1. With the security manager disabled, the ear deploys fine, ejb's
> > > > instantitiate, initialize, etc -- no errors at all!
> > > >
> > > > 2. I connected to the running jvm with jmx, and poked around for a
> > > while,
> > > > but could not find where it specified the policy file Tomcat was
> > using.
> > > > Can I get a hint as to where this info is?
> > > >
> > > > Thanks,
> > > > Ross
> > > >
> > > >
> > > >
> > > > From: "Romain Manni-Bucau" <rm...@gmail.com>
> > > > To: users@tomee.apache.org,
> > > > Date: 06/27/2018 04:54 PM
> > > > Subject: Re: EAR deployment
> > > >
> > > >
> > > >
> > > > Hi
> > > >
> > > > can you confirm it works without the security manager enabled?
> > > >
> > > > Also can you check connecting on the JVM through JMX that the right
> > > policy
> > > > file is used and tomcat didn't override the one you thought using?
> > > >
> > > > Romain Manni-Bucau
> > > > @rmannibucau <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> >
> > >
> > > > > | Blog
> > > > <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> >
> > >
> > > > > | Old Blog
> > > > <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> >
> > >
> > > > > | Github <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> >
> > >
> > > > > |
> > > > LinkedIn <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=
> ZXJpZTE%3D&_c=aff046f7
> >
> > >
> > > > > | Book
> > > > <
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/urlproxy.php?_q=
> aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3Bt
> ZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
> >
> > >
> > > > >
> > > >
> > > >
> > > > Le mer. 27 juin 2018 à 19:12, <rc...@e1b.org> a écrit :
> > > >
> > > > > I'm running 7.0.4. I have been deploying to webapps (<Deployments
> > > > > dir="apps" /> remains commented).
> > > > >
> > > > > Ross
> > > > >
> > > > >
> > > > >
> > > > > From: "Jonathan Gallimore" <jo...@gmail.com>
> > > > > To: users@tomee.apache.org,
> > > > > Date: 06/27/2018 12:22 PM
> > > > > Subject: Re: EAR deployment
> > > > >
> > > > >
> > > > >
> > > > > Hi
> > > > >
> > > > > What version of TomEE are you running?
> > > > >
> > > > > Are you deploying your EAR from webapps, or from apps with
> > > <Deployments
> > > > > dir="apps" /> added in tomee.xml?
> > > > >
> > > > > Regards
> > > > >
> > > > > Jon
> > > > >
> > > > > On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
> > > > >
> > > > > > I seem unable to deploy EARs. I have set the catalina.policy
> > to:
> > > > > > grant {
> > > > > > permission java.security.AllPermission;
> > > > > > };
> > > > > >
> > > > > > I have set the work directory to "work" (and at deploy see the
> > > > exploded
> > > > > > EAR there).
> > > > > >
> > > > > > Also I have set deployOnStartup to false, autoDeploy to true, and
> > > > > > unpackWARs to true.
> > > > > >
> > > > > > On deploy, at first matters look promising. It unpacks,
> > > initializes
> > > > my
> > > > > > EJBs, then I get single AccessContorlException
> > (RuntimePermistion),
> > > > > > followed by an infinitely repeating (every 5 seconds or so)
> access
> > > > > control
> > > > > > exception (FilePermission).
> > > > > >
> > > > > >
> > > > > > INFO: Created Ejb(deployment-id=CloseEventsBean,
> > > > > > ejb-name=CloseEventsBean,
> > > > > > container=Default Singleton Container)
> > > > > > Jun 26, 2018 11:41:40 AM
> > > > org.apache.openejb.assembler.classic.Assembler
> > > > > > startEjbs
> > > > > > INFO: Created Ejb(deployment-id=ManagerReminderBean,
> > > > > > ejb-name=ManagerReminderBean, container=Default Singleton
> > Container)
> > > > > > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl
> > invoke
> > > > > > SEVERE: Exception invoking periodic operation:
> > > > > > java.security.AccessControlException: access denied
> > > > > > ("java.lang.RuntimePermission" "setContextClassLoader")
> > > > > > at
> > > > > > java.security.AccessControlContext.checkPermission(
> > > > > > AccessControlContext.java:472)
> > > > > > at
> > > > > >
> > > > >
> > > >
> > >
> > java.security.AccessController.checkPermission(
> AccessController.java:884)
> > > > > > at
> > > > > >
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > > > at
> > java.lang.Thread.setContextClassLoader(Thread.java:1474)
> > > > > > at
> > > > > >
> > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> > > > > > at
> > > > > >
> > > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> > > > > > at
> > > > > >
> > > > >
> > > >
> > >
> > org.apache.openejb.util.JuliLogStream.isWarnEnabled(
> JuliLogStream.java:61)
> > > > > > at
> > > > > > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> > > > > > at org.apache.openejb.util.Logger.warning(Logger.java:
> 646)
> > > > > > at
> > > > > > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> > > > > > TomcatWebAppBuilder.java:2233)
> > > > > > at
> > > > > > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> > > > > > GlobalListenerSupport.java:141)
> > > > > > at
> > > > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > > > LifecycleBase.java:94)
> > > > > > at
> > > > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > > > ContainerBase.java:1164)
> > > > > > at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > processChildren(ContainerBase.java:1388)
> > > > > > at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > processChildren(ContainerBase.java:1392)
> > > > > > at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > run(ContainerBase.java:1360)
> > > > > > at java.lang.Thread.run(Thread.java:748)
> > > > > >
> > > > > >
> > > > > >
> > > > > > Below is the repeating exception.
> > > > > >
> > > > > > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl
> > invoke
> > > > > > SEVERE: Exception invoking periodic operation:
> > > > > > java.security.AccessControlException: access denied
> > > > > > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\
> ROOT.war"
> > > > > "read")
> > > > > > at
> > > > > > java.security.AccessControlContext.checkPermission(
> > > > > > AccessControlContext.java:472)
> > > > > > at
> > > > > >
> > > > >
> > > >
> > >
> > java.security.AccessController.checkPermission(
> AccessController.java:884)
> > > > > > at
> > > > > >
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > > > at
> > > > java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > > > > > at java.io.File.exists(File.java:814)
> > > > > > at
> > > > > > org.apache.catalina.startup.HostConfig.checkResources(
> > > > > > HostConfig.java:1296)
> > > > > > at
> > > > > > org.apache.catalina.startup.HostConfig.check(HostConfig.
> java:1623)
> > > > > > at
> > > > > >
> > > > >
> > > >
> > >
> > org.apache.catalina.startup.HostConfig.lifecycleEvent(
> HostConfig.java:314)
> > > > > > at
> > > > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > > > LifecycleBase.java:94)
> > > > > > at
> > > > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > > > ContainerBase.java:1164)
> > > > > > at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > processChildren(ContainerBase.java:1388)
> > > > > > at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > processChildren(ContainerBase.java:1392)
> > > > > > at
> > > > > >
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > > run(ContainerBase.java:1360)
> > > > > > at java.lang.Thread.run(Thread.java:748)
> > > > > >
> > > > > >
> > > > > >
> > > > > > What am I missing? I can see that the exception implies
> > additional
> > > > > > permissions, but why doesn't my blanket grant of all permission
> in
> > > the
> > > > > > catalina policy file cover this?
> > > > > >
> > > > > > Ross
> > > > > >
> > > > > >
> > > > > > Confidentiality Notice:
> > > > > > This electronic message and any attachments may contain
> > confidential
> > > > or
> > > > > > privileged information, and is intended only for the individual
> or
> > > > > entity
> > > > > > identified above as the addressee. If you are not the addressee
> > (or
> > > > the
> > > > > > employee or agent responsible to deliver it to the addressee), or
> > if
> > > > > this
> > > > > > message has been addressed to you in error, you are hereby
> > notified
> > > > that
> > > > > > you may not copy, forward, disclose or use any part of this
> > message
> > > or
> > > > > any
> > > > > > attachments. Please notify the sender immediately by return
> e-mail
> > > or
> > > > > > telephone and delete this message from your system.
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > BEGIN-ANTISPAM-VOTING-LINKS
> > > > > ------------------------------------------------------
> > > > >
> > > > > Teach CanIt if this mail (ID 01W3QmO1O) is spam:
> > > > > Spam:
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=
> 2bb7a21db8c9&t=20180627
> >
> > >
> > > >
> > > > >
> > > > > Not spam:
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=
> 2bb7a21db8c9&t=20180627
> >
> > >
> > > >
> > > > >
> > > > > Forget vote:
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=
> 2bb7a21db8c9&t=20180627
> >
> > >
> > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > END-ANTISPAM-VOTING-LINKS
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Confidentiality Notice:
> > > > > This electronic message and any attachments may contain
> confidential
> > > or
> > > > > privileged information, and is intended only for the individual or
> > > > entity
> > > > > identified above as the addressee. If you are not the addressee (or
> > > the
> > > > > employee or agent responsible to deliver it to the addressee), or
> if
> > > > this
> > > > > message has been addressed to you in error, you are hereby notified
> > > that
> > > > > you may not copy, forward, disclose or use any part of this message
> > or
> > > > any
> > > > > attachments. Please notify the sender immediately by return e-mail
> > or
> > > > > telephone and delete this message from your system.
> > > > >
> > > >
> > > >
> > > > --
> > > > BEGIN-ANTISPAM-VOTING-LINKS
> > > > ------------------------------------------------------
> > > >
> > > > Teach CanIt if this mail (ID 05W3USVJt) is spam:
> > > > Spam:
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=s&i=05W3USVJt&m=
> 03c723824a9b&t=20180627
> >
> > >
> > > >
> > > > Not spam:
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=n&i=05W3USVJt&m=
> 03c723824a9b&t=20180627
> >
> > >
> > > >
> > > > Forget vote:
> > > >
> > > >
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=f&i=05W3USVJt&m=
> 03c723824a9b&t=20180627
> >
> > >
> > > >
> > > > ------------------------------------------------------
> > > > END-ANTISPAM-VOTING-LINKS
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Confidentiality Notice:
> > > > This electronic message and any attachments may contain confidential
> > or
> > > > privileged information, and is intended only for the individual or
> > > entity
> > > > identified above as the addressee. If you are not the addressee (or
> > the
> > > > employee or agent responsible to deliver it to the addressee), or if
> > > this
> > > > message has been addressed to you in error, you are hereby notified
> > that
> > > > you may not copy, forward, disclose or use any part of this message
> or
> > > any
> > > > attachments. Please notify the sender immediately by return e-mail or
> > > > telephone and delete this message from your system.
> > > >
> > >
> > >
> > > --
> > > BEGIN-ANTISPAM-VOTING-LINKS
> > > ------------------------------------------------------
> > >
> > > Teach CanIt if this mail (ID 02W4fkxqC) is spam:
> > > Spam:
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=s&i=02W4fkxqC&m=
> d2fb064f979c&t=20180628
> >
> > >
> > > Not spam:
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=n&i=02W4fkxqC&m=
> d2fb064f979c&t=20180628
> >
> > >
> > > Forget vote:
> > >
> > >
> >
> > https://milton-web.wnyric.org/canit/b.php?c=f&i=02W4fkxqC&m=
> d2fb064f979c&t=20180628
> >
> > >
> > > ------------------------------------------------------
> > > END-ANTISPAM-VOTING-LINKS
> > >
> > >
> > >
> > >
> > >
> > > Confidentiality Notice:
> > > This electronic message and any attachments may contain confidential or
> > > privileged information, and is intended only for the individual or
> > entity
> > > identified above as the addressee. If you are not the addressee (or the
> > > employee or agent responsible to deliver it to the addressee), or if
> > this
> > > message has been addressed to you in error, you are hereby notified
> that
> > > you may not copy, forward, disclose or use any part of this message or
> > any
> > > attachments. Please notify the sender immediately by return e-mail or
> > > telephone and delete this message from your system.
> > >
> >
> >
> > --
> > BEGIN-ANTISPAM-VOTING-LINKS
> > ------------------------------------------------------
> >
> > Teach CanIt if this mail (ID 05W4k3PHx) is spam:
> > Spam:
> >
> > https://milton-web.wnyric.org/canit/b.php?c=s&i=05W4k3PHx&m=
> 4665151ab5c3&t=20180628
> >
> > Not spam:
> >
> > https://milton-web.wnyric.org/canit/b.php?c=n&i=05W4k3PHx&m=
> 4665151ab5c3&t=20180628
> >
> > Forget vote:
> >
> > https://milton-web.wnyric.org/canit/b.php?c=f&i=05W4k3PHx&m=
> 4665151ab5c3&t=20180628
> >
> > ------------------------------------------------------
> > END-ANTISPAM-VOTING-LINKS
> >
> >
> >
> >
> >
> > Confidentiality Notice:
> > This electronic message and any attachments may contain confidential or
> > privileged information, and is intended only for the individual or entity
> > identified above as the addressee. If you are not the addressee (or the
> > employee or agent responsible to deliver it to the addressee), or if this
> > message has been addressed to you in error, you are hereby notified that
> > you may not copy, forward, disclose or use any part of this message or
> any
> > attachments. Please notify the sender immediately by return e-mail or
> > telephone and delete this message from your system.
> >
>
Re: EAR deployment
Posted by Romain Manni-Bucau <rm...@gmail.com>.
ears probably not (but you are not that numerous anymore ;)) but with a
security manager is more the criteria here IMHO.
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>
Le ven. 29 juin 2018 à 16:44, <rc...@e1b.org> a écrit :
> Not terribly familiar with Git, but I assume you asking me to submit a
> pull request that points to a fix? The short answer is "no". I would
> love to see this fixed, but right now I don't have the time to grok git
> (we use svn), set up a build environment for Tomee, pickup maven (we use
> ant+ivy), and figure out the actual bug. If I have to, I will --- but
> only God knows how long it will be before I can make the time to do these
> things.
>
> But this raises a question: am I really the last person still deploying
> EARs?! Really???
>
> Thanks for your prompt help -- you guys are amazing!
> Ross
>
>
>
>
>
> From: "Romain Manni-Bucau" <rm...@gmail.com>
> To: users@tomee.apache.org,
> Date: 06/28/2018 04:03 PM
> Subject: Re: EAR deployment
>
>
>
> I see
>
> Then it is just a bug and we miss a wrapping to be SM compliant in that
> part of the code.
>
> Do you want to submit a PR to fix it?
>
> Le jeu. 28 juin 2018 19:37, <rc...@e1b.org> a écrit :
>
> > Couldn't find it in the summary. Of course, its there as a VM
> argument,
> > but I expect that. After digging around a bit more I found it in the
> > MXBeans: java.lang -> Runtime -> Attributes.
> >
> > Every thing there is set as it is in the file: ie
> > java.security.policy=C:\IBM\liferay\tomee\conf\catalina.policy
> > java.security.manager=<no value>
> >
> > -- both of which I would expect.
> >
> > Note that I have not tried chang <Deployments dir="apps" /> in
> tomee.xml.
> > Maybe that needs chaning -- though what I have seem really close to
> > working.
> >
> > Just occurred to me that I never included my full VM args:
> >
> > -Dcatalina.base="C:\IBM\liferay\tomee"
> > -Dcatalina.home="C:\IBM\liferay\tomee"
> > -Dwtp.deploy="C:\IBM\liferay\tomee\webapps"
> > -Djava.endorsed.dirs="C:\IBM\liferay\tomee\endorsed"
> > -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true
> >
>
> -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false
> >
> >
> > -Duser.timezone=EST
> > -Djava.security.manager
> > -Djava.security.policy="C:\IBM\liferay\tomee\conf\catalina.policy"
> >
> -Djava.security.auth.login.config="C:\IBM\liferay\tomee\conf\jaas.config"
> > -Dwnyric.deployment.properties.directory.path="C:\IBM\liferay"
> > -Xmx2048m
> >
> >
> > Thanks,
> > Ross
> >
> >
> >
> >
> >
> > From: "Romain Manni-Bucau" <rm...@gmail.com>
> > To: users@tomee.apache.org,
> > Date: 06/28/2018 11:20 AM
> > Subject: Re: EAR deployment
> >
> >
> >
> > I think you can check it in the JVM info in system properties (VM
> Summary)
> >
> > Romain Manni-Bucau
> > @rmannibucau <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
>
> > > | Blog
> > <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
>
> > > | Old Blog
> > <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
>
> > > | Github <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
>
> > > |
> > LinkedIn <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
>
> > > | Book
> > <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
>
> > >
> >
> >
> > Le jeu. 28 juin 2018 à 17:19, <rc...@e1b.org> a écrit :
> >
> > > So:
> > >
> > > 1. With the security manager disabled, the ear deploys fine, ejb's
> > > instantitiate, initialize, etc -- no errors at all!
> > >
> > > 2. I connected to the running jvm with jmx, and poked around for a
> > while,
> > > but could not find where it specified the policy file Tomcat was
> using.
> > > Can I get a hint as to where this info is?
> > >
> > > Thanks,
> > > Ross
> > >
> > >
> > >
> > > From: "Romain Manni-Bucau" <rm...@gmail.com>
> > > To: users@tomee.apache.org,
> > > Date: 06/27/2018 04:54 PM
> > > Subject: Re: EAR deployment
> > >
> > >
> > >
> > > Hi
> > >
> > > can you confirm it works without the security manager enabled?
> > >
> > > Also can you check connecting on the JVM through JMX that the right
> > policy
> > > file is used and tomcat didn't override the one you thought using?
> > >
> > > Romain Manni-Bucau
> > > @rmannibucau <
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
>
> >
> > > > | Blog
> > > <
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
>
> >
> > > > | Old Blog
> > > <
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
>
> >
> > > > | Github <
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
>
> >
> > > > |
> > > LinkedIn <
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
>
> >
> > > > | Book
> > > <
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
>
> >
> > > >
> > >
> > >
> > > Le mer. 27 juin 2018 à 19:12, <rc...@e1b.org> a écrit :
> > >
> > > > I'm running 7.0.4. I have been deploying to webapps (<Deployments
> > > > dir="apps" /> remains commented).
> > > >
> > > > Ross
> > > >
> > > >
> > > >
> > > > From: "Jonathan Gallimore" <jo...@gmail.com>
> > > > To: users@tomee.apache.org,
> > > > Date: 06/27/2018 12:22 PM
> > > > Subject: Re: EAR deployment
> > > >
> > > >
> > > >
> > > > Hi
> > > >
> > > > What version of TomEE are you running?
> > > >
> > > > Are you deploying your EAR from webapps, or from apps with
> > <Deployments
> > > > dir="apps" /> added in tomee.xml?
> > > >
> > > > Regards
> > > >
> > > > Jon
> > > >
> > > > On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
> > > >
> > > > > I seem unable to deploy EARs. I have set the catalina.policy
> to:
> > > > > grant {
> > > > > permission java.security.AllPermission;
> > > > > };
> > > > >
> > > > > I have set the work directory to "work" (and at deploy see the
> > > exploded
> > > > > EAR there).
> > > > >
> > > > > Also I have set deployOnStartup to false, autoDeploy to true, and
> > > > > unpackWARs to true.
> > > > >
> > > > > On deploy, at first matters look promising. It unpacks,
> > initializes
> > > my
> > > > > EJBs, then I get single AccessContorlException
> (RuntimePermistion),
> > > > > followed by an infinitely repeating (every 5 seconds or so) access
> > > > control
> > > > > exception (FilePermission).
> > > > >
> > > > >
> > > > > INFO: Created Ejb(deployment-id=CloseEventsBean,
> > > > > ejb-name=CloseEventsBean,
> > > > > container=Default Singleton Container)
> > > > > Jun 26, 2018 11:41:40 AM
> > > org.apache.openejb.assembler.classic.Assembler
> > > > > startEjbs
> > > > > INFO: Created Ejb(deployment-id=ManagerReminderBean,
> > > > > ejb-name=ManagerReminderBean, container=Default Singleton
> Container)
> > > > > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl
> invoke
> > > > > SEVERE: Exception invoking periodic operation:
> > > > > java.security.AccessControlException: access denied
> > > > > ("java.lang.RuntimePermission" "setContextClassLoader")
> > > > > at
> > > > > java.security.AccessControlContext.checkPermission(
> > > > > AccessControlContext.java:472)
> > > > > at
> > > > >
> > > >
> > >
> >
> java.security.AccessController.checkPermission(AccessController.java:884)
> > > > > at
> > > > >
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > > at
> java.lang.Thread.setContextClassLoader(Thread.java:1474)
> > > > > at
> > > > >
> org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> > > > > at
> > > > >
> > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> > > > > at
> > > > >
> > > >
> > >
> >
> org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
> > > > > at
> > > > > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> > > > > at org.apache.openejb.util.Logger.warning(Logger.java:646)
> > > > > at
> > > > > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> > > > > TomcatWebAppBuilder.java:2233)
> > > > > at
> > > > > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> > > > > GlobalListenerSupport.java:141)
> > > > > at
> > > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > > LifecycleBase.java:94)
> > > > > at
> > > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > > ContainerBase.java:1164)
> > > > > at
> > > > >
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > processChildren(ContainerBase.java:1388)
> > > > > at
> > > > >
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > processChildren(ContainerBase.java:1392)
> > > > > at
> > > > >
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > run(ContainerBase.java:1360)
> > > > > at java.lang.Thread.run(Thread.java:748)
> > > > >
> > > > >
> > > > >
> > > > > Below is the repeating exception.
> > > > >
> > > > > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl
> invoke
> > > > > SEVERE: Exception invoking periodic operation:
> > > > > java.security.AccessControlException: access denied
> > > > > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war"
> > > > "read")
> > > > > at
> > > > > java.security.AccessControlContext.checkPermission(
> > > > > AccessControlContext.java:472)
> > > > > at
> > > > >
> > > >
> > >
> >
> java.security.AccessController.checkPermission(AccessController.java:884)
> > > > > at
> > > > >
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > > at
> > > java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > > > > at java.io.File.exists(File.java:814)
> > > > > at
> > > > > org.apache.catalina.startup.HostConfig.checkResources(
> > > > > HostConfig.java:1296)
> > > > > at
> > > > > org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
> > > > > at
> > > > >
> > > >
> > >
> >
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> > > > > at
> > > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > > LifecycleBase.java:94)
> > > > > at
> > > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > > ContainerBase.java:1164)
> > > > > at
> > > > >
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > processChildren(ContainerBase.java:1388)
> > > > > at
> > > > >
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > processChildren(ContainerBase.java:1392)
> > > > > at
> > > > >
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > > run(ContainerBase.java:1360)
> > > > > at java.lang.Thread.run(Thread.java:748)
> > > > >
> > > > >
> > > > >
> > > > > What am I missing? I can see that the exception implies
> additional
> > > > > permissions, but why doesn't my blanket grant of all permission in
> > the
> > > > > catalina policy file cover this?
> > > > >
> > > > > Ross
> > > > >
> > > > >
> > > > > Confidentiality Notice:
> > > > > This electronic message and any attachments may contain
> confidential
> > > or
> > > > > privileged information, and is intended only for the individual or
> > > > entity
> > > > > identified above as the addressee. If you are not the addressee
> (or
> > > the
> > > > > employee or agent responsible to deliver it to the addressee), or
> if
> > > > this
> > > > > message has been addressed to you in error, you are hereby
> notified
> > > that
> > > > > you may not copy, forward, disclose or use any part of this
> message
> > or
> > > > any
> > > > > attachments. Please notify the sender immediately by return e-mail
> > or
> > > > > telephone and delete this message from your system.
> > > > >
> > > >
> > > >
> > > > --
> > > > BEGIN-ANTISPAM-VOTING-LINKS
> > > > ------------------------------------------------------
> > > >
> > > > Teach CanIt if this mail (ID 01W3QmO1O) is spam:
> > > > Spam:
> > > >
> > > >
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > >
> > > >
> > > > Not spam:
> > > >
> > > >
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > >
> > > >
> > > > Forget vote:
> > > >
> > > >
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > >
> > > >
> > > > ------------------------------------------------------
> > > > END-ANTISPAM-VOTING-LINKS
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Confidentiality Notice:
> > > > This electronic message and any attachments may contain confidential
> > or
> > > > privileged information, and is intended only for the individual or
> > > entity
> > > > identified above as the addressee. If you are not the addressee (or
> > the
> > > > employee or agent responsible to deliver it to the addressee), or if
> > > this
> > > > message has been addressed to you in error, you are hereby notified
> > that
> > > > you may not copy, forward, disclose or use any part of this message
> or
> > > any
> > > > attachments. Please notify the sender immediately by return e-mail
> or
> > > > telephone and delete this message from your system.
> > > >
> > >
> > >
> > > --
> > > BEGIN-ANTISPAM-VOTING-LINKS
> > > ------------------------------------------------------
> > >
> > > Teach CanIt if this mail (ID 05W3USVJt) is spam:
> > > Spam:
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> >
> > >
> > > Not spam:
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> >
> > >
> > > Forget vote:
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> >
> > >
> > > ------------------------------------------------------
> > > END-ANTISPAM-VOTING-LINKS
> > >
> > >
> > >
> > >
> > >
> > > Confidentiality Notice:
> > > This electronic message and any attachments may contain confidential
> or
> > > privileged information, and is intended only for the individual or
> > entity
> > > identified above as the addressee. If you are not the addressee (or
> the
> > > employee or agent responsible to deliver it to the addressee), or if
> > this
> > > message has been addressed to you in error, you are hereby notified
> that
> > > you may not copy, forward, disclose or use any part of this message or
> > any
> > > attachments. Please notify the sender immediately by return e-mail or
> > > telephone and delete this message from your system.
> > >
> >
> >
> > --
> > BEGIN-ANTISPAM-VOTING-LINKS
> > ------------------------------------------------------
> >
> > Teach CanIt if this mail (ID 02W4fkxqC) is spam:
> > Spam:
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=02W4fkxqC&m=d2fb064f979c&t=20180628
>
> >
> > Not spam:
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=02W4fkxqC&m=d2fb064f979c&t=20180628
>
> >
> > Forget vote:
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=02W4fkxqC&m=d2fb064f979c&t=20180628
>
> >
> > ------------------------------------------------------
> > END-ANTISPAM-VOTING-LINKS
> >
> >
> >
> >
> >
> > Confidentiality Notice:
> > This electronic message and any attachments may contain confidential or
> > privileged information, and is intended only for the individual or
> entity
> > identified above as the addressee. If you are not the addressee (or the
> > employee or agent responsible to deliver it to the addressee), or if
> this
> > message has been addressed to you in error, you are hereby notified that
> > you may not copy, forward, disclose or use any part of this message or
> any
> > attachments. Please notify the sender immediately by return e-mail or
> > telephone and delete this message from your system.
> >
>
>
> --
> BEGIN-ANTISPAM-VOTING-LINKS
> ------------------------------------------------------
>
> Teach CanIt if this mail (ID 05W4k3PHx) is spam:
> Spam:
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=05W4k3PHx&m=4665151ab5c3&t=20180628
>
> Not spam:
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=05W4k3PHx&m=4665151ab5c3&t=20180628
>
> Forget vote:
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=05W4k3PHx&m=4665151ab5c3&t=20180628
>
> ------------------------------------------------------
> END-ANTISPAM-VOTING-LINKS
>
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
Re: EAR deployment
Posted by rc...@e1b.org.
Not terribly familiar with Git, but I assume you asking me to submit a
pull request that points to a fix? The short answer is "no". I would
love to see this fixed, but right now I don't have the time to grok git
(we use svn), set up a build environment for Tomee, pickup maven (we use
ant+ivy), and figure out the actual bug. If I have to, I will --- but
only God knows how long it will be before I can make the time to do these
things.
But this raises a question: am I really the last person still deploying
EARs?! Really???
Thanks for your prompt help -- you guys are amazing!
Ross
From: "Romain Manni-Bucau" <rm...@gmail.com>
To: users@tomee.apache.org,
Date: 06/28/2018 04:03 PM
Subject: Re: EAR deployment
I see
Then it is just a bug and we miss a wrapping to be SM compliant in that
part of the code.
Do you want to submit a PR to fix it?
Le jeu. 28 juin 2018 19:37, <rc...@e1b.org> a écrit :
> Couldn't find it in the summary. Of course, its there as a VM
argument,
> but I expect that. After digging around a bit more I found it in the
> MXBeans: java.lang -> Runtime -> Attributes.
>
> Every thing there is set as it is in the file: ie
> java.security.policy=C:\IBM\liferay\tomee\conf\catalina.policy
> java.security.manager=<no value>
>
> -- both of which I would expect.
>
> Note that I have not tried chang <Deployments dir="apps" /> in
tomee.xml.
> Maybe that needs chaning -- though what I have seem really close to
> working.
>
> Just occurred to me that I never included my full VM args:
>
> -Dcatalina.base="C:\IBM\liferay\tomee"
> -Dcatalina.home="C:\IBM\liferay\tomee"
> -Dwtp.deploy="C:\IBM\liferay\tomee\webapps"
> -Djava.endorsed.dirs="C:\IBM\liferay\tomee\endorsed"
> -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true
>
-Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false
>
>
> -Duser.timezone=EST
> -Djava.security.manager
> -Djava.security.policy="C:\IBM\liferay\tomee\conf\catalina.policy"
>
-Djava.security.auth.login.config="C:\IBM\liferay\tomee\conf\jaas.config"
> -Dwnyric.deployment.properties.directory.path="C:\IBM\liferay"
> -Xmx2048m
>
>
> Thanks,
> Ross
>
>
>
>
>
> From: "Romain Manni-Bucau" <rm...@gmail.com>
> To: users@tomee.apache.org,
> Date: 06/28/2018 11:20 AM
> Subject: Re: EAR deployment
>
>
>
> I think you can check it in the JVM info in system properties (VM
Summary)
>
> Romain Manni-Bucau
> @rmannibucau <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> > | Blog
> <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> > | Old Blog
> <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> > | Github <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> > |
> LinkedIn <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
> > | Book
> <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
> >
>
>
> Le jeu. 28 juin 2018 à 17:19, <rc...@e1b.org> a écrit :
>
> > So:
> >
> > 1. With the security manager disabled, the ear deploys fine, ejb's
> > instantitiate, initialize, etc -- no errors at all!
> >
> > 2. I connected to the running jvm with jmx, and poked around for a
> while,
> > but could not find where it specified the policy file Tomcat was
using.
> > Can I get a hint as to where this info is?
> >
> > Thanks,
> > Ross
> >
> >
> >
> > From: "Romain Manni-Bucau" <rm...@gmail.com>
> > To: users@tomee.apache.org,
> > Date: 06/27/2018 04:54 PM
> > Subject: Re: EAR deployment
> >
> >
> >
> > Hi
> >
> > can you confirm it works without the security manager enabled?
> >
> > Also can you check connecting on the JVM through JMX that the right
> policy
> > file is used and tomcat didn't override the one you thought using?
> >
> > Romain Manni-Bucau
> > @rmannibucau <
> >
> >
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
>
> > > | Blog
> > <
> >
> >
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
>
> > > | Old Blog
> > <
> >
> >
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
>
> > > | Github <
> >
> >
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
>
> > > |
> > LinkedIn <
> >
> >
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
>
> > > | Book
> > <
> >
> >
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
>
> > >
> >
> >
> > Le mer. 27 juin 2018 à 19:12, <rc...@e1b.org> a écrit :
> >
> > > I'm running 7.0.4. I have been deploying to webapps (<Deployments
> > > dir="apps" /> remains commented).
> > >
> > > Ross
> > >
> > >
> > >
> > > From: "Jonathan Gallimore" <jo...@gmail.com>
> > > To: users@tomee.apache.org,
> > > Date: 06/27/2018 12:22 PM
> > > Subject: Re: EAR deployment
> > >
> > >
> > >
> > > Hi
> > >
> > > What version of TomEE are you running?
> > >
> > > Are you deploying your EAR from webapps, or from apps with
> <Deployments
> > > dir="apps" /> added in tomee.xml?
> > >
> > > Regards
> > >
> > > Jon
> > >
> > > On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
> > >
> > > > I seem unable to deploy EARs. I have set the catalina.policy
to:
> > > > grant {
> > > > permission java.security.AllPermission;
> > > > };
> > > >
> > > > I have set the work directory to "work" (and at deploy see the
> > exploded
> > > > EAR there).
> > > >
> > > > Also I have set deployOnStartup to false, autoDeploy to true, and
> > > > unpackWARs to true.
> > > >
> > > > On deploy, at first matters look promising. It unpacks,
> initializes
> > my
> > > > EJBs, then I get single AccessContorlException
(RuntimePermistion),
> > > > followed by an infinitely repeating (every 5 seconds or so) access
> > > control
> > > > exception (FilePermission).
> > > >
> > > >
> > > > INFO: Created Ejb(deployment-id=CloseEventsBean,
> > > > ejb-name=CloseEventsBean,
> > > > container=Default Singleton Container)
> > > > Jun 26, 2018 11:41:40 AM
> > org.apache.openejb.assembler.classic.Assembler
> > > > startEjbs
> > > > INFO: Created Ejb(deployment-id=ManagerReminderBean,
> > > > ejb-name=ManagerReminderBean, container=Default Singleton
Container)
> > > > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl
invoke
> > > > SEVERE: Exception invoking periodic operation:
> > > > java.security.AccessControlException: access denied
> > > > ("java.lang.RuntimePermission" "setContextClassLoader")
> > > > at
> > > > java.security.AccessControlContext.checkPermission(
> > > > AccessControlContext.java:472)
> > > > at
> > > >
> > >
> >
>
java.security.AccessController.checkPermission(AccessController.java:884)
> > > > at
> > > >
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > at
java.lang.Thread.setContextClassLoader(Thread.java:1474)
> > > > at
> > > >
org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> > > > at
> > > >
> org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> > > > at
> > > >
> > >
> >
>
org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
> > > > at
> > > > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> > > > at org.apache.openejb.util.Logger.warning(Logger.java:646)
> > > > at
> > > > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> > > > TomcatWebAppBuilder.java:2233)
> > > > at
> > > > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> > > > GlobalListenerSupport.java:141)
> > > > at
> > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > LifecycleBase.java:94)
> > > > at
> > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > ContainerBase.java:1164)
> > > > at
> > > >
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > processChildren(ContainerBase.java:1388)
> > > > at
> > > >
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > processChildren(ContainerBase.java:1392)
> > > > at
> > > >
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > run(ContainerBase.java:1360)
> > > > at java.lang.Thread.run(Thread.java:748)
> > > >
> > > >
> > > >
> > > > Below is the repeating exception.
> > > >
> > > > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl
invoke
> > > > SEVERE: Exception invoking periodic operation:
> > > > java.security.AccessControlException: access denied
> > > > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war"
> > > "read")
> > > > at
> > > > java.security.AccessControlContext.checkPermission(
> > > > AccessControlContext.java:472)
> > > > at
> > > >
> > >
> >
>
java.security.AccessController.checkPermission(AccessController.java:884)
> > > > at
> > > >
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > at
> > java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > > > at java.io.File.exists(File.java:814)
> > > > at
> > > > org.apache.catalina.startup.HostConfig.checkResources(
> > > > HostConfig.java:1296)
> > > > at
> > > > org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
> > > > at
> > > >
> > >
> >
>
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> > > > at
> > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > LifecycleBase.java:94)
> > > > at
> > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > ContainerBase.java:1164)
> > > > at
> > > >
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > processChildren(ContainerBase.java:1388)
> > > > at
> > > >
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > processChildren(ContainerBase.java:1392)
> > > > at
> > > >
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > run(ContainerBase.java:1360)
> > > > at java.lang.Thread.run(Thread.java:748)
> > > >
> > > >
> > > >
> > > > What am I missing? I can see that the exception implies
additional
> > > > permissions, but why doesn't my blanket grant of all permission in
> the
> > > > catalina policy file cover this?
> > > >
> > > > Ross
> > > >
> > > >
> > > > Confidentiality Notice:
> > > > This electronic message and any attachments may contain
confidential
> > or
> > > > privileged information, and is intended only for the individual or
> > > entity
> > > > identified above as the addressee. If you are not the addressee
(or
> > the
> > > > employee or agent responsible to deliver it to the addressee), or
if
> > > this
> > > > message has been addressed to you in error, you are hereby
notified
> > that
> > > > you may not copy, forward, disclose or use any part of this
message
> or
> > > any
> > > > attachments. Please notify the sender immediately by return e-mail
> or
> > > > telephone and delete this message from your system.
> > > >
> > >
> > >
> > > --
> > > BEGIN-ANTISPAM-VOTING-LINKS
> > > ------------------------------------------------------
> > >
> > > Teach CanIt if this mail (ID 01W3QmO1O) is spam:
> > > Spam:
> > >
> > >
> >
> >
>
>
https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > >
> > > Not spam:
> > >
> > >
> >
> >
>
>
https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > >
> > > Forget vote:
> > >
> > >
> >
> >
>
>
https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > >
> > > ------------------------------------------------------
> > > END-ANTISPAM-VOTING-LINKS
> > >
> > >
> > >
> > >
> > >
> > > Confidentiality Notice:
> > > This electronic message and any attachments may contain confidential
> or
> > > privileged information, and is intended only for the individual or
> > entity
> > > identified above as the addressee. If you are not the addressee (or
> the
> > > employee or agent responsible to deliver it to the addressee), or if
> > this
> > > message has been addressed to you in error, you are hereby notified
> that
> > > you may not copy, forward, disclose or use any part of this message
or
> > any
> > > attachments. Please notify the sender immediately by return e-mail
or
> > > telephone and delete this message from your system.
> > >
> >
> >
> > --
> > BEGIN-ANTISPAM-VOTING-LINKS
> > ------------------------------------------------------
> >
> > Teach CanIt if this mail (ID 05W3USVJt) is spam:
> > Spam:
> >
> >
>
>
https://milton-web.wnyric.org/canit/b.php?c=s&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> >
> > Not spam:
> >
> >
>
>
https://milton-web.wnyric.org/canit/b.php?c=n&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> >
> > Forget vote:
> >
> >
>
>
https://milton-web.wnyric.org/canit/b.php?c=f&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> >
> > ------------------------------------------------------
> > END-ANTISPAM-VOTING-LINKS
> >
> >
> >
> >
> >
> > Confidentiality Notice:
> > This electronic message and any attachments may contain confidential
or
> > privileged information, and is intended only for the individual or
> entity
> > identified above as the addressee. If you are not the addressee (or
the
> > employee or agent responsible to deliver it to the addressee), or if
> this
> > message has been addressed to you in error, you are hereby notified
that
> > you may not copy, forward, disclose or use any part of this message or
> any
> > attachments. Please notify the sender immediately by return e-mail or
> > telephone and delete this message from your system.
> >
>
>
> --
> BEGIN-ANTISPAM-VOTING-LINKS
> ------------------------------------------------------
>
> Teach CanIt if this mail (ID 02W4fkxqC) is spam:
> Spam:
>
>
https://milton-web.wnyric.org/canit/b.php?c=s&i=02W4fkxqC&m=d2fb064f979c&t=20180628
>
> Not spam:
>
>
https://milton-web.wnyric.org/canit/b.php?c=n&i=02W4fkxqC&m=d2fb064f979c&t=20180628
>
> Forget vote:
>
>
https://milton-web.wnyric.org/canit/b.php?c=f&i=02W4fkxqC&m=d2fb064f979c&t=20180628
>
> ------------------------------------------------------
> END-ANTISPAM-VOTING-LINKS
>
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or
entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if
this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or
any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
Teach CanIt if this mail (ID 05W4k3PHx) is spam:
Spam:
https://milton-web.wnyric.org/canit/b.php?c=s&i=05W4k3PHx&m=4665151ab5c3&t=20180628
Not spam:
https://milton-web.wnyric.org/canit/b.php?c=n&i=05W4k3PHx&m=4665151ab5c3&t=20180628
Forget vote:
https://milton-web.wnyric.org/canit/b.php?c=f&i=05W4k3PHx&m=4665151ab5c3&t=20180628
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
Re: EAR deployment
Posted by Romain Manni-Bucau <rm...@gmail.com>.
I see
Then it is just a bug and we miss a wrapping to be SM compliant in that
part of the code.
Do you want to submit a PR to fix it?
Le jeu. 28 juin 2018 19:37, <rc...@e1b.org> a écrit :
> Couldn't find it in the summary. Of course, its there as a VM argument,
> but I expect that. After digging around a bit more I found it in the
> MXBeans: java.lang -> Runtime -> Attributes.
>
> Every thing there is set as it is in the file: ie
> java.security.policy=C:\IBM\liferay\tomee\conf\catalina.policy
> java.security.manager=<no value>
>
> -- both of which I would expect.
>
> Note that I have not tried chang <Deployments dir="apps" /> in tomee.xml.
> Maybe that needs chaning -- though what I have seem really close to
> working.
>
> Just occurred to me that I never included my full VM args:
>
> -Dcatalina.base="C:\IBM\liferay\tomee"
> -Dcatalina.home="C:\IBM\liferay\tomee"
> -Dwtp.deploy="C:\IBM\liferay\tomee\webapps"
> -Djava.endorsed.dirs="C:\IBM\liferay\tomee\endorsed"
> -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true
> -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false
>
>
> -Duser.timezone=EST
> -Djava.security.manager
> -Djava.security.policy="C:\IBM\liferay\tomee\conf\catalina.policy"
> -Djava.security.auth.login.config="C:\IBM\liferay\tomee\conf\jaas.config"
> -Dwnyric.deployment.properties.directory.path="C:\IBM\liferay"
> -Xmx2048m
>
>
> Thanks,
> Ross
>
>
>
>
>
> From: "Romain Manni-Bucau" <rm...@gmail.com>
> To: users@tomee.apache.org,
> Date: 06/28/2018 11:20 AM
> Subject: Re: EAR deployment
>
>
>
> I think you can check it in the JVM info in system properties (VM Summary)
>
> Romain Manni-Bucau
> @rmannibucau <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> > | Blog
> <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> > | Old Blog
> <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> > | Github <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> > |
> LinkedIn <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
> > | Book
> <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
> >
>
>
> Le jeu. 28 juin 2018 à 17:19, <rc...@e1b.org> a écrit :
>
> > So:
> >
> > 1. With the security manager disabled, the ear deploys fine, ejb's
> > instantitiate, initialize, etc -- no errors at all!
> >
> > 2. I connected to the running jvm with jmx, and poked around for a
> while,
> > but could not find where it specified the policy file Tomcat was using.
> > Can I get a hint as to where this info is?
> >
> > Thanks,
> > Ross
> >
> >
> >
> > From: "Romain Manni-Bucau" <rm...@gmail.com>
> > To: users@tomee.apache.org,
> > Date: 06/27/2018 04:54 PM
> > Subject: Re: EAR deployment
> >
> >
> >
> > Hi
> >
> > can you confirm it works without the security manager enabled?
> >
> > Also can you check connecting on the JVM through JMX that the right
> policy
> > file is used and tomcat didn't override the one you thought using?
> >
> > Romain Manni-Bucau
> > @rmannibucau <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
>
> > > | Blog
> > <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
>
> > > | Old Blog
> > <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
>
> > > | Github <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
>
> > > |
> > LinkedIn <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
>
> > > | Book
> > <
> >
> >
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
>
> > >
> >
> >
> > Le mer. 27 juin 2018 à 19:12, <rc...@e1b.org> a écrit :
> >
> > > I'm running 7.0.4. I have been deploying to webapps (<Deployments
> > > dir="apps" /> remains commented).
> > >
> > > Ross
> > >
> > >
> > >
> > > From: "Jonathan Gallimore" <jo...@gmail.com>
> > > To: users@tomee.apache.org,
> > > Date: 06/27/2018 12:22 PM
> > > Subject: Re: EAR deployment
> > >
> > >
> > >
> > > Hi
> > >
> > > What version of TomEE are you running?
> > >
> > > Are you deploying your EAR from webapps, or from apps with
> <Deployments
> > > dir="apps" /> added in tomee.xml?
> > >
> > > Regards
> > >
> > > Jon
> > >
> > > On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
> > >
> > > > I seem unable to deploy EARs. I have set the catalina.policy to:
> > > > grant {
> > > > permission java.security.AllPermission;
> > > > };
> > > >
> > > > I have set the work directory to "work" (and at deploy see the
> > exploded
> > > > EAR there).
> > > >
> > > > Also I have set deployOnStartup to false, autoDeploy to true, and
> > > > unpackWARs to true.
> > > >
> > > > On deploy, at first matters look promising. It unpacks,
> initializes
> > my
> > > > EJBs, then I get single AccessContorlException (RuntimePermistion),
> > > > followed by an infinitely repeating (every 5 seconds or so) access
> > > control
> > > > exception (FilePermission).
> > > >
> > > >
> > > > INFO: Created Ejb(deployment-id=CloseEventsBean,
> > > > ejb-name=CloseEventsBean,
> > > > container=Default Singleton Container)
> > > > Jun 26, 2018 11:41:40 AM
> > org.apache.openejb.assembler.classic.Assembler
> > > > startEjbs
> > > > INFO: Created Ejb(deployment-id=ManagerReminderBean,
> > > > ejb-name=ManagerReminderBean, container=Default Singleton Container)
> > > > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl invoke
> > > > SEVERE: Exception invoking periodic operation:
> > > > java.security.AccessControlException: access denied
> > > > ("java.lang.RuntimePermission" "setContextClassLoader")
> > > > at
> > > > java.security.AccessControlContext.checkPermission(
> > > > AccessControlContext.java:472)
> > > > at
> > > >
> > >
> >
> java.security.AccessController.checkPermission(AccessController.java:884)
> > > > at
> > > > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > at java.lang.Thread.setContextClassLoader(Thread.java:1474)
> > > > at
> > > > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> > > > at
> > > >
> org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> > > > at
> > > >
> > >
> >
> org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
> > > > at
> > > > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> > > > at org.apache.openejb.util.Logger.warning(Logger.java:646)
> > > > at
> > > > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> > > > TomcatWebAppBuilder.java:2233)
> > > > at
> > > > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> > > > GlobalListenerSupport.java:141)
> > > > at
> > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > LifecycleBase.java:94)
> > > > at
> > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > ContainerBase.java:1164)
> > > > at
> > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > processChildren(ContainerBase.java:1388)
> > > > at
> > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > processChildren(ContainerBase.java:1392)
> > > > at
> > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > run(ContainerBase.java:1360)
> > > > at java.lang.Thread.run(Thread.java:748)
> > > >
> > > >
> > > >
> > > > Below is the repeating exception.
> > > >
> > > > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl invoke
> > > > SEVERE: Exception invoking periodic operation:
> > > > java.security.AccessControlException: access denied
> > > > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war"
> > > "read")
> > > > at
> > > > java.security.AccessControlContext.checkPermission(
> > > > AccessControlContext.java:472)
> > > > at
> > > >
> > >
> >
> java.security.AccessController.checkPermission(AccessController.java:884)
> > > > at
> > > > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > > at
> > java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > > > at java.io.File.exists(File.java:814)
> > > > at
> > > > org.apache.catalina.startup.HostConfig.checkResources(
> > > > HostConfig.java:1296)
> > > > at
> > > > org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
> > > > at
> > > >
> > >
> >
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> > > > at
> > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > > LifecycleBase.java:94)
> > > > at
> > > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > > ContainerBase.java:1164)
> > > > at
> > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > processChildren(ContainerBase.java:1388)
> > > > at
> > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > processChildren(ContainerBase.java:1392)
> > > > at
> > > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > > run(ContainerBase.java:1360)
> > > > at java.lang.Thread.run(Thread.java:748)
> > > >
> > > >
> > > >
> > > > What am I missing? I can see that the exception implies additional
> > > > permissions, but why doesn't my blanket grant of all permission in
> the
> > > > catalina policy file cover this?
> > > >
> > > > Ross
> > > >
> > > >
> > > > Confidentiality Notice:
> > > > This electronic message and any attachments may contain confidential
> > or
> > > > privileged information, and is intended only for the individual or
> > > entity
> > > > identified above as the addressee. If you are not the addressee (or
> > the
> > > > employee or agent responsible to deliver it to the addressee), or if
> > > this
> > > > message has been addressed to you in error, you are hereby notified
> > that
> > > > you may not copy, forward, disclose or use any part of this message
> or
> > > any
> > > > attachments. Please notify the sender immediately by return e-mail
> or
> > > > telephone and delete this message from your system.
> > > >
> > >
> > >
> > > --
> > > BEGIN-ANTISPAM-VOTING-LINKS
> > > ------------------------------------------------------
> > >
> > > Teach CanIt if this mail (ID 01W3QmO1O) is spam:
> > > Spam:
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > >
> > > Not spam:
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > >
> > > Forget vote:
> > >
> > >
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > >
> > > ------------------------------------------------------
> > > END-ANTISPAM-VOTING-LINKS
> > >
> > >
> > >
> > >
> > >
> > > Confidentiality Notice:
> > > This electronic message and any attachments may contain confidential
> or
> > > privileged information, and is intended only for the individual or
> > entity
> > > identified above as the addressee. If you are not the addressee (or
> the
> > > employee or agent responsible to deliver it to the addressee), or if
> > this
> > > message has been addressed to you in error, you are hereby notified
> that
> > > you may not copy, forward, disclose or use any part of this message or
> > any
> > > attachments. Please notify the sender immediately by return e-mail or
> > > telephone and delete this message from your system.
> > >
> >
> >
> > --
> > BEGIN-ANTISPAM-VOTING-LINKS
> > ------------------------------------------------------
> >
> > Teach CanIt if this mail (ID 05W3USVJt) is spam:
> > Spam:
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> >
> > Not spam:
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> >
> > Forget vote:
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> >
> > ------------------------------------------------------
> > END-ANTISPAM-VOTING-LINKS
> >
> >
> >
> >
> >
> > Confidentiality Notice:
> > This electronic message and any attachments may contain confidential or
> > privileged information, and is intended only for the individual or
> entity
> > identified above as the addressee. If you are not the addressee (or the
> > employee or agent responsible to deliver it to the addressee), or if
> this
> > message has been addressed to you in error, you are hereby notified that
> > you may not copy, forward, disclose or use any part of this message or
> any
> > attachments. Please notify the sender immediately by return e-mail or
> > telephone and delete this message from your system.
> >
>
>
> --
> BEGIN-ANTISPAM-VOTING-LINKS
> ------------------------------------------------------
>
> Teach CanIt if this mail (ID 02W4fkxqC) is spam:
> Spam:
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=02W4fkxqC&m=d2fb064f979c&t=20180628
>
> Not spam:
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=02W4fkxqC&m=d2fb064f979c&t=20180628
>
> Forget vote:
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=02W4fkxqC&m=d2fb064f979c&t=20180628
>
> ------------------------------------------------------
> END-ANTISPAM-VOTING-LINKS
>
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
Re: EAR deployment
Posted by rc...@e1b.org.
Couldn't find it in the summary. Of course, its there as a VM argument,
but I expect that. After digging around a bit more I found it in the
MXBeans: java.lang -> Runtime -> Attributes.
Every thing there is set as it is in the file: ie
java.security.policy=C:\IBM\liferay\tomee\conf\catalina.policy
java.security.manager=<no value>
-- both of which I would expect.
Note that I have not tried chang <Deployments dir="apps" /> in tomee.xml.
Maybe that needs chaning -- though what I have seem really close to
working.
Just occurred to me that I never included my full VM args:
-Dcatalina.base="C:\IBM\liferay\tomee"
-Dcatalina.home="C:\IBM\liferay\tomee"
-Dwtp.deploy="C:\IBM\liferay\tomee\webapps"
-Djava.endorsed.dirs="C:\IBM\liferay\tomee\endorsed"
-Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true
-Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false
-Duser.timezone=EST
-Djava.security.manager
-Djava.security.policy="C:\IBM\liferay\tomee\conf\catalina.policy"
-Djava.security.auth.login.config="C:\IBM\liferay\tomee\conf\jaas.config"
-Dwnyric.deployment.properties.directory.path="C:\IBM\liferay"
-Xmx2048m
Thanks,
Ross
From: "Romain Manni-Bucau" <rm...@gmail.com>
To: users@tomee.apache.org,
Date: 06/28/2018 11:20 AM
Subject: Re: EAR deployment
I think you can check it in the JVM info in system properties (VM Summary)
Romain Manni-Bucau
@rmannibucau <
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> | Blog
<
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> | Old Blog
<
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> | Github <
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> |
LinkedIn <
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
> | Book
<
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
>
Le jeu. 28 juin 2018 à 17:19, <rc...@e1b.org> a écrit :
> So:
>
> 1. With the security manager disabled, the ear deploys fine, ejb's
> instantitiate, initialize, etc -- no errors at all!
>
> 2. I connected to the running jvm with jmx, and poked around for a
while,
> but could not find where it specified the policy file Tomcat was using.
> Can I get a hint as to where this info is?
>
> Thanks,
> Ross
>
>
>
> From: "Romain Manni-Bucau" <rm...@gmail.com>
> To: users@tomee.apache.org,
> Date: 06/27/2018 04:54 PM
> Subject: Re: EAR deployment
>
>
>
> Hi
>
> can you confirm it works without the security manager enabled?
>
> Also can you check connecting on the JVM through JMX that the right
policy
> file is used and tomcat didn't override the one you thought using?
>
> Romain Manni-Bucau
> @rmannibucau <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> > | Blog
> <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> > | Old Blog
> <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> > | Github <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> > |
> LinkedIn <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
> > | Book
> <
>
>
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
> >
>
>
> Le mer. 27 juin 2018 à 19:12, <rc...@e1b.org> a écrit :
>
> > I'm running 7.0.4. I have been deploying to webapps (<Deployments
> > dir="apps" /> remains commented).
> >
> > Ross
> >
> >
> >
> > From: "Jonathan Gallimore" <jo...@gmail.com>
> > To: users@tomee.apache.org,
> > Date: 06/27/2018 12:22 PM
> > Subject: Re: EAR deployment
> >
> >
> >
> > Hi
> >
> > What version of TomEE are you running?
> >
> > Are you deploying your EAR from webapps, or from apps with
<Deployments
> > dir="apps" /> added in tomee.xml?
> >
> > Regards
> >
> > Jon
> >
> > On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
> >
> > > I seem unable to deploy EARs. I have set the catalina.policy to:
> > > grant {
> > > permission java.security.AllPermission;
> > > };
> > >
> > > I have set the work directory to "work" (and at deploy see the
> exploded
> > > EAR there).
> > >
> > > Also I have set deployOnStartup to false, autoDeploy to true, and
> > > unpackWARs to true.
> > >
> > > On deploy, at first matters look promising. It unpacks,
initializes
> my
> > > EJBs, then I get single AccessContorlException (RuntimePermistion),
> > > followed by an infinitely repeating (every 5 seconds or so) access
> > control
> > > exception (FilePermission).
> > >
> > >
> > > INFO: Created Ejb(deployment-id=CloseEventsBean,
> > > ejb-name=CloseEventsBean,
> > > container=Default Singleton Container)
> > > Jun 26, 2018 11:41:40 AM
> org.apache.openejb.assembler.classic.Assembler
> > > startEjbs
> > > INFO: Created Ejb(deployment-id=ManagerReminderBean,
> > > ejb-name=ManagerReminderBean, container=Default Singleton Container)
> > > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl invoke
> > > SEVERE: Exception invoking periodic operation:
> > > java.security.AccessControlException: access denied
> > > ("java.lang.RuntimePermission" "setContextClassLoader")
> > > at
> > > java.security.AccessControlContext.checkPermission(
> > > AccessControlContext.java:472)
> > > at
> > >
> >
>
java.security.AccessController.checkPermission(AccessController.java:884)
> > > at
> > > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > at java.lang.Thread.setContextClassLoader(Thread.java:1474)
> > > at
> > > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> > > at
> > >
org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> > > at
> > >
> >
>
org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
> > > at
> > > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> > > at org.apache.openejb.util.Logger.warning(Logger.java:646)
> > > at
> > > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> > > TomcatWebAppBuilder.java:2233)
> > > at
> > > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> > > GlobalListenerSupport.java:141)
> > > at
> > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > LifecycleBase.java:94)
> > > at
> > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > ContainerBase.java:1164)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > processChildren(ContainerBase.java:1388)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > processChildren(ContainerBase.java:1392)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > run(ContainerBase.java:1360)
> > > at java.lang.Thread.run(Thread.java:748)
> > >
> > >
> > >
> > > Below is the repeating exception.
> > >
> > > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl invoke
> > > SEVERE: Exception invoking periodic operation:
> > > java.security.AccessControlException: access denied
> > > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war"
> > "read")
> > > at
> > > java.security.AccessControlContext.checkPermission(
> > > AccessControlContext.java:472)
> > > at
> > >
> >
>
java.security.AccessController.checkPermission(AccessController.java:884)
> > > at
> > > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > at
> java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > > at java.io.File.exists(File.java:814)
> > > at
> > > org.apache.catalina.startup.HostConfig.checkResources(
> > > HostConfig.java:1296)
> > > at
> > > org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
> > > at
> > >
> >
>
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> > > at
> > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > LifecycleBase.java:94)
> > > at
> > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > ContainerBase.java:1164)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > processChildren(ContainerBase.java:1388)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > processChildren(ContainerBase.java:1392)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > run(ContainerBase.java:1360)
> > > at java.lang.Thread.run(Thread.java:748)
> > >
> > >
> > >
> > > What am I missing? I can see that the exception implies additional
> > > permissions, but why doesn't my blanket grant of all permission in
the
> > > catalina policy file cover this?
> > >
> > > Ross
> > >
> > >
> > > Confidentiality Notice:
> > > This electronic message and any attachments may contain confidential
> or
> > > privileged information, and is intended only for the individual or
> > entity
> > > identified above as the addressee. If you are not the addressee (or
> the
> > > employee or agent responsible to deliver it to the addressee), or if
> > this
> > > message has been addressed to you in error, you are hereby notified
> that
> > > you may not copy, forward, disclose or use any part of this message
or
> > any
> > > attachments. Please notify the sender immediately by return e-mail
or
> > > telephone and delete this message from your system.
> > >
> >
> >
> > --
> > BEGIN-ANTISPAM-VOTING-LINKS
> > ------------------------------------------------------
> >
> > Teach CanIt if this mail (ID 01W3QmO1O) is spam:
> > Spam:
> >
> >
>
>
https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > Not spam:
> >
> >
>
>
https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > Forget vote:
> >
> >
>
>
https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > ------------------------------------------------------
> > END-ANTISPAM-VOTING-LINKS
> >
> >
> >
> >
> >
> > Confidentiality Notice:
> > This electronic message and any attachments may contain confidential
or
> > privileged information, and is intended only for the individual or
> entity
> > identified above as the addressee. If you are not the addressee (or
the
> > employee or agent responsible to deliver it to the addressee), or if
> this
> > message has been addressed to you in error, you are hereby notified
that
> > you may not copy, forward, disclose or use any part of this message or
> any
> > attachments. Please notify the sender immediately by return e-mail or
> > telephone and delete this message from your system.
> >
>
>
> --
> BEGIN-ANTISPAM-VOTING-LINKS
> ------------------------------------------------------
>
> Teach CanIt if this mail (ID 05W3USVJt) is spam:
> Spam:
>
>
https://milton-web.wnyric.org/canit/b.php?c=s&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> Not spam:
>
>
https://milton-web.wnyric.org/canit/b.php?c=n&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> Forget vote:
>
>
https://milton-web.wnyric.org/canit/b.php?c=f&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> ------------------------------------------------------
> END-ANTISPAM-VOTING-LINKS
>
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or
entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if
this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or
any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
Teach CanIt if this mail (ID 02W4fkxqC) is spam:
Spam:
https://milton-web.wnyric.org/canit/b.php?c=s&i=02W4fkxqC&m=d2fb064f979c&t=20180628
Not spam:
https://milton-web.wnyric.org/canit/b.php?c=n&i=02W4fkxqC&m=d2fb064f979c&t=20180628
Forget vote:
https://milton-web.wnyric.org/canit/b.php?c=f&i=02W4fkxqC&m=d2fb064f979c&t=20180628
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
Re: EAR deployment
Posted by Romain Manni-Bucau <rm...@gmail.com>.
I think you can check it in the JVM info in system properties (VM Summary)
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>
Le jeu. 28 juin 2018 à 17:19, <rc...@e1b.org> a écrit :
> So:
>
> 1. With the security manager disabled, the ear deploys fine, ejb's
> instantitiate, initialize, etc -- no errors at all!
>
> 2. I connected to the running jvm with jmx, and poked around for a while,
> but could not find where it specified the policy file Tomcat was using.
> Can I get a hint as to where this info is?
>
> Thanks,
> Ross
>
>
>
> From: "Romain Manni-Bucau" <rm...@gmail.com>
> To: users@tomee.apache.org,
> Date: 06/27/2018 04:54 PM
> Subject: Re: EAR deployment
>
>
>
> Hi
>
> can you confirm it works without the security manager enabled?
>
> Also can you check connecting on the JVM through JMX that the right policy
> file is used and tomcat didn't override the one you thought using?
>
> Romain Manni-Bucau
> @rmannibucau <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> > | Blog
> <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> > | Old Blog
> <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> > | Github <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> > |
> LinkedIn <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
> > | Book
> <
>
> https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
> >
>
>
> Le mer. 27 juin 2018 à 19:12, <rc...@e1b.org> a écrit :
>
> > I'm running 7.0.4. I have been deploying to webapps (<Deployments
> > dir="apps" /> remains commented).
> >
> > Ross
> >
> >
> >
> > From: "Jonathan Gallimore" <jo...@gmail.com>
> > To: users@tomee.apache.org,
> > Date: 06/27/2018 12:22 PM
> > Subject: Re: EAR deployment
> >
> >
> >
> > Hi
> >
> > What version of TomEE are you running?
> >
> > Are you deploying your EAR from webapps, or from apps with <Deployments
> > dir="apps" /> added in tomee.xml?
> >
> > Regards
> >
> > Jon
> >
> > On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
> >
> > > I seem unable to deploy EARs. I have set the catalina.policy to:
> > > grant {
> > > permission java.security.AllPermission;
> > > };
> > >
> > > I have set the work directory to "work" (and at deploy see the
> exploded
> > > EAR there).
> > >
> > > Also I have set deployOnStartup to false, autoDeploy to true, and
> > > unpackWARs to true.
> > >
> > > On deploy, at first matters look promising. It unpacks, initializes
> my
> > > EJBs, then I get single AccessContorlException (RuntimePermistion),
> > > followed by an infinitely repeating (every 5 seconds or so) access
> > control
> > > exception (FilePermission).
> > >
> > >
> > > INFO: Created Ejb(deployment-id=CloseEventsBean,
> > > ejb-name=CloseEventsBean,
> > > container=Default Singleton Container)
> > > Jun 26, 2018 11:41:40 AM
> org.apache.openejb.assembler.classic.Assembler
> > > startEjbs
> > > INFO: Created Ejb(deployment-id=ManagerReminderBean,
> > > ejb-name=ManagerReminderBean, container=Default Singleton Container)
> > > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl invoke
> > > SEVERE: Exception invoking periodic operation:
> > > java.security.AccessControlException: access denied
> > > ("java.lang.RuntimePermission" "setContextClassLoader")
> > > at
> > > java.security.AccessControlContext.checkPermission(
> > > AccessControlContext.java:472)
> > > at
> > >
> >
> java.security.AccessController.checkPermission(AccessController.java:884)
> > > at
> > > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > at java.lang.Thread.setContextClassLoader(Thread.java:1474)
> > > at
> > > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> > > at
> > > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> > > at
> > >
> >
> org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
> > > at
> > > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> > > at org.apache.openejb.util.Logger.warning(Logger.java:646)
> > > at
> > > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> > > TomcatWebAppBuilder.java:2233)
> > > at
> > > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> > > GlobalListenerSupport.java:141)
> > > at
> > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > LifecycleBase.java:94)
> > > at
> > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > ContainerBase.java:1164)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > processChildren(ContainerBase.java:1388)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > processChildren(ContainerBase.java:1392)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > run(ContainerBase.java:1360)
> > > at java.lang.Thread.run(Thread.java:748)
> > >
> > >
> > >
> > > Below is the repeating exception.
> > >
> > > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl invoke
> > > SEVERE: Exception invoking periodic operation:
> > > java.security.AccessControlException: access denied
> > > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war"
> > "read")
> > > at
> > > java.security.AccessControlContext.checkPermission(
> > > AccessControlContext.java:472)
> > > at
> > >
> >
> java.security.AccessController.checkPermission(AccessController.java:884)
> > > at
> > > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > > at
> java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > > at java.io.File.exists(File.java:814)
> > > at
> > > org.apache.catalina.startup.HostConfig.checkResources(
> > > HostConfig.java:1296)
> > > at
> > > org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
> > > at
> > >
> >
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> > > at
> > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > > LifecycleBase.java:94)
> > > at
> > > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > > ContainerBase.java:1164)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > processChildren(ContainerBase.java:1388)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > processChildren(ContainerBase.java:1392)
> > > at
> > > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > > run(ContainerBase.java:1360)
> > > at java.lang.Thread.run(Thread.java:748)
> > >
> > >
> > >
> > > What am I missing? I can see that the exception implies additional
> > > permissions, but why doesn't my blanket grant of all permission in the
> > > catalina policy file cover this?
> > >
> > > Ross
> > >
> > >
> > > Confidentiality Notice:
> > > This electronic message and any attachments may contain confidential
> or
> > > privileged information, and is intended only for the individual or
> > entity
> > > identified above as the addressee. If you are not the addressee (or
> the
> > > employee or agent responsible to deliver it to the addressee), or if
> > this
> > > message has been addressed to you in error, you are hereby notified
> that
> > > you may not copy, forward, disclose or use any part of this message or
> > any
> > > attachments. Please notify the sender immediately by return e-mail or
> > > telephone and delete this message from your system.
> > >
> >
> >
> > --
> > BEGIN-ANTISPAM-VOTING-LINKS
> > ------------------------------------------------------
> >
> > Teach CanIt if this mail (ID 01W3QmO1O) is spam:
> > Spam:
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > Not spam:
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > Forget vote:
> >
> >
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> >
> > ------------------------------------------------------
> > END-ANTISPAM-VOTING-LINKS
> >
> >
> >
> >
> >
> > Confidentiality Notice:
> > This electronic message and any attachments may contain confidential or
> > privileged information, and is intended only for the individual or
> entity
> > identified above as the addressee. If you are not the addressee (or the
> > employee or agent responsible to deliver it to the addressee), or if
> this
> > message has been addressed to you in error, you are hereby notified that
> > you may not copy, forward, disclose or use any part of this message or
> any
> > attachments. Please notify the sender immediately by return e-mail or
> > telephone and delete this message from your system.
> >
>
>
> --
> BEGIN-ANTISPAM-VOTING-LINKS
> ------------------------------------------------------
>
> Teach CanIt if this mail (ID 05W3USVJt) is spam:
> Spam:
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> Not spam:
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> Forget vote:
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=05W3USVJt&m=03c723824a9b&t=20180627
>
> ------------------------------------------------------
> END-ANTISPAM-VOTING-LINKS
>
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
Re: EAR deployment
Posted by rc...@e1b.org.
So:
1. With the security manager disabled, the ear deploys fine, ejb's
instantitiate, initialize, etc -- no errors at all!
2. I connected to the running jvm with jmx, and poked around for a while,
but could not find where it specified the policy file Tomcat was using.
Can I get a hint as to where this info is?
Thanks,
Ross
From: "Romain Manni-Bucau" <rm...@gmail.com>
To: users@tomee.apache.org,
Date: 06/27/2018 04:54 PM
Subject: Re: EAR deployment
Hi
can you confirm it works without the security manager enabled?
Also can you check connecting on the JVM through JMX that the right policy
file is used and tomcat didn't override the one you thought using?
Romain Manni-Bucau
@rmannibucau <
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly90d2l0dGVyLmNvbS9ybWFubmlidWNhdQ%3D%3D&_s=ZXJpZTE%3D&_c=7b6344b3
> | Blog
<
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9ybWFubmlidWNhdS5tZXRhd2VyeC5uZXQv&_s=ZXJpZTE%3D&_c=03b3f7d2
> | Old Blog
<
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cDovL3JtYW5uaWJ1Y2F1LndvcmRwcmVzcy5jb20%3D&_s=ZXJpZTE%3D&_c=7ac52c4b
> | Github <
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly9naXRodWIuY29tL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=d53ffcf9
> |
LinkedIn <
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2luL3JtYW5uaWJ1Y2F1&_s=ZXJpZTE%3D&_c=aff046f7
> | Book
<
https://milton-web.wnyric.org/canit/urlproxy.php?_q=aHR0cHM6Ly93d3cucGFja3RwdWIuY29tL2FwcGxpY2F0aW9uLWRldmVsb3BtZW50L2phdmEtZWUtOC1oaWdoLXBlcmZvcm1hbmNl&_s=ZXJpZTE%3D&_c=5ede79c4
>
Le mer. 27 juin 2018 à 19:12, <rc...@e1b.org> a écrit :
> I'm running 7.0.4. I have been deploying to webapps (<Deployments
> dir="apps" /> remains commented).
>
> Ross
>
>
>
> From: "Jonathan Gallimore" <jo...@gmail.com>
> To: users@tomee.apache.org,
> Date: 06/27/2018 12:22 PM
> Subject: Re: EAR deployment
>
>
>
> Hi
>
> What version of TomEE are you running?
>
> Are you deploying your EAR from webapps, or from apps with <Deployments
> dir="apps" /> added in tomee.xml?
>
> Regards
>
> Jon
>
> On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
>
> > I seem unable to deploy EARs. I have set the catalina.policy to:
> > grant {
> > permission java.security.AllPermission;
> > };
> >
> > I have set the work directory to "work" (and at deploy see the
exploded
> > EAR there).
> >
> > Also I have set deployOnStartup to false, autoDeploy to true, and
> > unpackWARs to true.
> >
> > On deploy, at first matters look promising. It unpacks, initializes
my
> > EJBs, then I get single AccessContorlException (RuntimePermistion),
> > followed by an infinitely repeating (every 5 seconds or so) access
> control
> > exception (FilePermission).
> >
> >
> > INFO: Created Ejb(deployment-id=CloseEventsBean,
> > ejb-name=CloseEventsBean,
> > container=Default Singleton Container)
> > Jun 26, 2018 11:41:40 AM
org.apache.openejb.assembler.classic.Assembler
> > startEjbs
> > INFO: Created Ejb(deployment-id=ManagerReminderBean,
> > ejb-name=ManagerReminderBean, container=Default Singleton Container)
> > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl invoke
> > SEVERE: Exception invoking periodic operation:
> > java.security.AccessControlException: access denied
> > ("java.lang.RuntimePermission" "setContextClassLoader")
> > at
> > java.security.AccessControlContext.checkPermission(
> > AccessControlContext.java:472)
> > at
> >
>
java.security.AccessController.checkPermission(AccessController.java:884)
> > at
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > at java.lang.Thread.setContextClassLoader(Thread.java:1474)
> > at
> > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> > at
> > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> > at
> >
>
org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
> > at
> > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> > at org.apache.openejb.util.Logger.warning(Logger.java:646)
> > at
> > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> > TomcatWebAppBuilder.java:2233)
> > at
> > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> > GlobalListenerSupport.java:141)
> > at
> > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > LifecycleBase.java:94)
> > at
> > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > ContainerBase.java:1164)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > processChildren(ContainerBase.java:1388)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > processChildren(ContainerBase.java:1392)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > run(ContainerBase.java:1360)
> > at java.lang.Thread.run(Thread.java:748)
> >
> >
> >
> > Below is the repeating exception.
> >
> > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl invoke
> > SEVERE: Exception invoking periodic operation:
> > java.security.AccessControlException: access denied
> > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war"
> "read")
> > at
> > java.security.AccessControlContext.checkPermission(
> > AccessControlContext.java:472)
> > at
> >
>
java.security.AccessController.checkPermission(AccessController.java:884)
> > at
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > at
java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > at java.io.File.exists(File.java:814)
> > at
> > org.apache.catalina.startup.HostConfig.checkResources(
> > HostConfig.java:1296)
> > at
> > org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
> > at
> >
>
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> > at
> > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > LifecycleBase.java:94)
> > at
> > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > ContainerBase.java:1164)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > processChildren(ContainerBase.java:1388)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > processChildren(ContainerBase.java:1392)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > run(ContainerBase.java:1360)
> > at java.lang.Thread.run(Thread.java:748)
> >
> >
> >
> > What am I missing? I can see that the exception implies additional
> > permissions, but why doesn't my blanket grant of all permission in the
> > catalina policy file cover this?
> >
> > Ross
> >
> >
> > Confidentiality Notice:
> > This electronic message and any attachments may contain confidential
or
> > privileged information, and is intended only for the individual or
> entity
> > identified above as the addressee. If you are not the addressee (or
the
> > employee or agent responsible to deliver it to the addressee), or if
> this
> > message has been addressed to you in error, you are hereby notified
that
> > you may not copy, forward, disclose or use any part of this message or
> any
> > attachments. Please notify the sender immediately by return e-mail or
> > telephone and delete this message from your system.
> >
>
>
> --
> BEGIN-ANTISPAM-VOTING-LINKS
> ------------------------------------------------------
>
> Teach CanIt if this mail (ID 01W3QmO1O) is spam:
> Spam:
>
>
https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> Not spam:
>
>
https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> Forget vote:
>
>
https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> ------------------------------------------------------
> END-ANTISPAM-VOTING-LINKS
>
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or
entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if
this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or
any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
Teach CanIt if this mail (ID 05W3USVJt) is spam:
Spam:
https://milton-web.wnyric.org/canit/b.php?c=s&i=05W3USVJt&m=03c723824a9b&t=20180627
Not spam:
https://milton-web.wnyric.org/canit/b.php?c=n&i=05W3USVJt&m=03c723824a9b&t=20180627
Forget vote:
https://milton-web.wnyric.org/canit/b.php?c=f&i=05W3USVJt&m=03c723824a9b&t=20180627
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
Re: EAR deployment
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi
can you confirm it works without the security manager enabled?
Also can you check connecting on the JVM through JMX that the right policy
file is used and tomcat didn't override the one you thought using?
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>
Le mer. 27 juin 2018 à 19:12, <rc...@e1b.org> a écrit :
> I'm running 7.0.4. I have been deploying to webapps (<Deployments
> dir="apps" /> remains commented).
>
> Ross
>
>
>
> From: "Jonathan Gallimore" <jo...@gmail.com>
> To: users@tomee.apache.org,
> Date: 06/27/2018 12:22 PM
> Subject: Re: EAR deployment
>
>
>
> Hi
>
> What version of TomEE are you running?
>
> Are you deploying your EAR from webapps, or from apps with <Deployments
> dir="apps" /> added in tomee.xml?
>
> Regards
>
> Jon
>
> On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
>
> > I seem unable to deploy EARs. I have set the catalina.policy to:
> > grant {
> > permission java.security.AllPermission;
> > };
> >
> > I have set the work directory to "work" (and at deploy see the exploded
> > EAR there).
> >
> > Also I have set deployOnStartup to false, autoDeploy to true, and
> > unpackWARs to true.
> >
> > On deploy, at first matters look promising. It unpacks, initializes my
> > EJBs, then I get single AccessContorlException (RuntimePermistion),
> > followed by an infinitely repeating (every 5 seconds or so) access
> control
> > exception (FilePermission).
> >
> >
> > INFO: Created Ejb(deployment-id=CloseEventsBean,
> > ejb-name=CloseEventsBean,
> > container=Default Singleton Container)
> > Jun 26, 2018 11:41:40 AM org.apache.openejb.assembler.classic.Assembler
> > startEjbs
> > INFO: Created Ejb(deployment-id=ManagerReminderBean,
> > ejb-name=ManagerReminderBean, container=Default Singleton Container)
> > Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl invoke
> > SEVERE: Exception invoking periodic operation:
> > java.security.AccessControlException: access denied
> > ("java.lang.RuntimePermission" "setContextClassLoader")
> > at
> > java.security.AccessControlContext.checkPermission(
> > AccessControlContext.java:472)
> > at
> >
> java.security.AccessController.checkPermission(AccessController.java:884)
> > at
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > at java.lang.Thread.setContextClassLoader(Thread.java:1474)
> > at
> > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> > at
> > org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> > at
> >
> org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
> > at
> > org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> > at org.apache.openejb.util.Logger.warning(Logger.java:646)
> > at
> > org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> > TomcatWebAppBuilder.java:2233)
> > at
> > org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> > GlobalListenerSupport.java:141)
> > at
> > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > LifecycleBase.java:94)
> > at
> > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > ContainerBase.java:1164)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > processChildren(ContainerBase.java:1388)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > processChildren(ContainerBase.java:1392)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > run(ContainerBase.java:1360)
> > at java.lang.Thread.run(Thread.java:748)
> >
> >
> >
> > Below is the repeating exception.
> >
> > Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl invoke
> > SEVERE: Exception invoking periodic operation:
> > java.security.AccessControlException: access denied
> > ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war"
> "read")
> > at
> > java.security.AccessControlContext.checkPermission(
> > AccessControlContext.java:472)
> > at
> >
> java.security.AccessController.checkPermission(AccessController.java:884)
> > at
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> > at java.io.File.exists(File.java:814)
> > at
> > org.apache.catalina.startup.HostConfig.checkResources(
> > HostConfig.java:1296)
> > at
> > org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
> > at
> >
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> > at
> > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> > LifecycleBase.java:94)
> > at
> > org.apache.catalina.core.ContainerBase.backgroundProcess(
> > ContainerBase.java:1164)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > processChildren(ContainerBase.java:1388)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > processChildren(ContainerBase.java:1392)
> > at
> > org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> > run(ContainerBase.java:1360)
> > at java.lang.Thread.run(Thread.java:748)
> >
> >
> >
> > What am I missing? I can see that the exception implies additional
> > permissions, but why doesn't my blanket grant of all permission in the
> > catalina policy file cover this?
> >
> > Ross
> >
> >
> > Confidentiality Notice:
> > This electronic message and any attachments may contain confidential or
> > privileged information, and is intended only for the individual or
> entity
> > identified above as the addressee. If you are not the addressee (or the
> > employee or agent responsible to deliver it to the addressee), or if
> this
> > message has been addressed to you in error, you are hereby notified that
> > you may not copy, forward, disclose or use any part of this message or
> any
> > attachments. Please notify the sender immediately by return e-mail or
> > telephone and delete this message from your system.
> >
>
>
> --
> BEGIN-ANTISPAM-VOTING-LINKS
> ------------------------------------------------------
>
> Teach CanIt if this mail (ID 01W3QmO1O) is spam:
> Spam:
>
> https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> Not spam:
>
> https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> Forget vote:
>
> https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
>
> ------------------------------------------------------
> END-ANTISPAM-VOTING-LINKS
>
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
Re: EAR deployment
Posted by rc...@e1b.org.
I'm running 7.0.4. I have been deploying to webapps (<Deployments
dir="apps" /> remains commented).
Ross
From: "Jonathan Gallimore" <jo...@gmail.com>
To: users@tomee.apache.org,
Date: 06/27/2018 12:22 PM
Subject: Re: EAR deployment
Hi
What version of TomEE are you running?
Are you deploying your EAR from webapps, or from apps with <Deployments
dir="apps" /> added in tomee.xml?
Regards
Jon
On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
> I seem unable to deploy EARs. I have set the catalina.policy to:
> grant {
> permission java.security.AllPermission;
> };
>
> I have set the work directory to "work" (and at deploy see the exploded
> EAR there).
>
> Also I have set deployOnStartup to false, autoDeploy to true, and
> unpackWARs to true.
>
> On deploy, at first matters look promising. It unpacks, initializes my
> EJBs, then I get single AccessContorlException (RuntimePermistion),
> followed by an infinitely repeating (every 5 seconds or so) access
control
> exception (FilePermission).
>
>
> INFO: Created Ejb(deployment-id=CloseEventsBean,
> ejb-name=CloseEventsBean,
> container=Default Singleton Container)
> Jun 26, 2018 11:41:40 AM org.apache.openejb.assembler.classic.Assembler
> startEjbs
> INFO: Created Ejb(deployment-id=ManagerReminderBean,
> ejb-name=ManagerReminderBean, container=Default Singleton Container)
> Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl invoke
> SEVERE: Exception invoking periodic operation:
> java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission" "setContextClassLoader")
> at
> java.security.AccessControlContext.checkPermission(
> AccessControlContext.java:472)
> at
>
java.security.AccessController.checkPermission(AccessController.java:884)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.lang.Thread.setContextClassLoader(Thread.java:1474)
> at
> org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> at
> org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> at
>
org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
> at
> org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> at org.apache.openejb.util.Logger.warning(Logger.java:646)
> at
> org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> TomcatWebAppBuilder.java:2233)
> at
> org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> GlobalListenerSupport.java:141)
> at
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> LifecycleBase.java:94)
> at
> org.apache.catalina.core.ContainerBase.backgroundProcess(
> ContainerBase.java:1164)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> processChildren(ContainerBase.java:1388)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> processChildren(ContainerBase.java:1392)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> run(ContainerBase.java:1360)
> at java.lang.Thread.run(Thread.java:748)
>
>
>
> Below is the repeating exception.
>
> Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl invoke
> SEVERE: Exception invoking periodic operation:
> java.security.AccessControlException: access denied
> ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war"
"read")
> at
> java.security.AccessControlContext.checkPermission(
> AccessControlContext.java:472)
> at
>
java.security.AccessController.checkPermission(AccessController.java:884)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at java.io.File.exists(File.java:814)
> at
> org.apache.catalina.startup.HostConfig.checkResources(
> HostConfig.java:1296)
> at
> org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
> at
>
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> at
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> LifecycleBase.java:94)
> at
> org.apache.catalina.core.ContainerBase.backgroundProcess(
> ContainerBase.java:1164)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> processChildren(ContainerBase.java:1388)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> processChildren(ContainerBase.java:1392)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> run(ContainerBase.java:1360)
> at java.lang.Thread.run(Thread.java:748)
>
>
>
> What am I missing? I can see that the exception implies additional
> permissions, but why doesn't my blanket grant of all permission in the
> catalina policy file cover this?
>
> Ross
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or
entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if
this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or
any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>
--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------
Teach CanIt if this mail (ID 01W3QmO1O) is spam:
Spam:
https://milton-web.wnyric.org/canit/b.php?c=s&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
Not spam:
https://milton-web.wnyric.org/canit/b.php?c=n&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
Forget vote:
https://milton-web.wnyric.org/canit/b.php?c=f&i=01W3QmO1O&m=2bb7a21db8c9&t=20180627
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
Re: EAR deployment
Posted by Jonathan Gallimore <jo...@gmail.com>.
Hi
What version of TomEE are you running?
Are you deploying your EAR from webapps, or from apps with <Deployments
dir="apps" /> added in tomee.xml?
Regards
Jon
On Wed, Jun 27, 2018 at 5:15 PM, <rc...@e1b.org> wrote:
> I seem unable to deploy EARs. I have set the catalina.policy to:
> grant {
> permission java.security.AllPermission;
> };
>
> I have set the work directory to "work" (and at deploy see the exploded
> EAR there).
>
> Also I have set deployOnStartup to false, autoDeploy to true, and
> unpackWARs to true.
>
> On deploy, at first matters look promising. It unpacks, initializes my
> EJBs, then I get single AccessContorlException (RuntimePermistion),
> followed by an infinitely repeating (every 5 seconds or so) access control
> exception (FilePermission).
>
>
> INFO: Created Ejb(deployment-id=CloseEventsBean,
> ejb-name=CloseEventsBean,
> container=Default Singleton Container)
> Jun 26, 2018 11:41:40 AM org.apache.openejb.assembler.classic.Assembler
> startEjbs
> INFO: Created Ejb(deployment-id=ManagerReminderBean,
> ejb-name=ManagerReminderBean, container=Default Singleton Container)
> Jun 26, 2018 11:41:40 AM sun.reflect.NativeMethodAccessorImpl invoke
> SEVERE: Exception invoking periodic operation:
> java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission" "setContextClassLoader")
> at
> java.security.AccessControlContext.checkPermission(
> AccessControlContext.java:472)
> at
> java.security.AccessController.checkPermission(AccessController.java:884)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.lang.Thread.setContextClassLoader(Thread.java:1474)
> at
> org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:94)
> at
> org.apache.openejb.log.LoggerCreator$Get.exec(LoggerCreator.java:105)
> at
> org.apache.openejb.util.JuliLogStream.isWarnEnabled(JuliLogStream.java:61)
> at
> org.apache.openejb.util.Logger.isWarningEnabled(Logger.java:425)
> at org.apache.openejb.util.Logger.warning(Logger.java:646)
> at
> org.apache.tomee.catalina.TomcatWebAppBuilder.checkHost(
> TomcatWebAppBuilder.java:2233)
> at
> org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(
> GlobalListenerSupport.java:141)
> at
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> LifecycleBase.java:94)
> at
> org.apache.catalina.core.ContainerBase.backgroundProcess(
> ContainerBase.java:1164)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> processChildren(ContainerBase.java:1388)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> processChildren(ContainerBase.java:1392)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> run(ContainerBase.java:1360)
> at java.lang.Thread.run(Thread.java:748)
>
>
>
> Below is the repeating exception.
>
> Jun 26, 2018 11:41:50 AM sun.reflect.NativeMethodAccessorImpl invoke
> SEVERE: Exception invoking periodic operation:
> java.security.AccessControlException: access denied
> ("java.io.FilePermission" "C:\IBM\liferay\tomee\webapps\ROOT.war" "read")
> at
> java.security.AccessControlContext.checkPermission(
> AccessControlContext.java:472)
> at
> java.security.AccessController.checkPermission(AccessController.java:884)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at java.io.File.exists(File.java:814)
> at
> org.apache.catalina.startup.HostConfig.checkResources(
> HostConfig.java:1296)
> at
> org.apache.catalina.startup.HostConfig.check(HostConfig.java:1623)
> at
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> at
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(
> LifecycleBase.java:94)
> at
> org.apache.catalina.core.ContainerBase.backgroundProcess(
> ContainerBase.java:1164)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> processChildren(ContainerBase.java:1388)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> processChildren(ContainerBase.java:1392)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.
> run(ContainerBase.java:1360)
> at java.lang.Thread.run(Thread.java:748)
>
>
>
> What am I missing? I can see that the exception implies additional
> permissions, but why doesn't my blanket grant of all permission in the
> catalina policy file cover this?
>
> Ross
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
>