Details
L3 - Default Description
When camunda-bpm-tomcat-7.11.0 (tomcat 9.0.19, java sun 1.8 [mac os]) is launched with catalina "-security" option (enabled security manager) /camunda application fails to handle any requests with error:
Caused by: org.apache.ibatis.ognl.OgnlException: shouldPerformAuthorizatioCheck [java.lang.IllegalAccessException: Method [public boolean org.camunda.bpm.engine.impl.db.AuthorizationCheck.getShouldPerformAuthorizatioCheck()] cannot be accessed.]
I did add additional grants:
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.util.PropertyPermission "user.dir", "read"; // CUSTOM permission java.lang.RuntimePermission "accessDeclaredMembers"; // CUSTOM // continue as in original catalina.policy } // continue as in original catalina.policy grant { permission java.lang.RuntimePermission "accessDeclaredMembers"; // CUSTOM permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // CUSTOM permission java.util.PropertyPermission "com.fasterxml.jackson.core.util.BufferRecyclers.trackReusableBuffers", "read"; // CUSTOM permission java.util.PropertyPermission "resteasy.allowGzip", "read"; // CUSTOM // all other grants as originally in catalina policy } // all other grants as originally in catalina policy
Stack trace and policy attached.
Adding Runtime, Reflect wildcard permissions "*" does result in the same issue. Seems current camunda package does not works with SecurityManager enabled or only with AllPermission - which defeats the purpose.