Getting Around a SecurityManager "access denied": CXF + Geronimo + Tomcat

I was trying to get Spring, CXF, and Geronimo to cooperate with each other over the past two days, an application I’m working on is in serious need of an XA transaction that spans both JMS and JDBC, and it is one of many critical factors that has forced the project to consider moving to a real application server (and not just a servlet container). The WAR I was trying to deploy, was using CXF 2.0 with some Spring configuration, it worked perfectly with plain-old Tomcat 6.0, but when I deployed it to Geronimo, it kept on throwing security exceptions.

  // ... spring stuff ...
  // ... more spring stuff ...

I spent some time Googling, but I couldn’t find much more than some suggestions to all a specific policy to the security.policy that Geromino was running in. I looked around for another day, but couldn’t find any clear, concise instructions…. so I stumbled around for a while just trying to get Geronimo to execute Tomcat with the appropriate policy.

Running out of patience, I decided to look at the Geronimo Console’s JVM page. That is when I found the magic property:
“org.apache.cxf.jaxws.checkPublishEndpointPermission”. I’m using Geronimo 2.0.2 at the moment, if you put:


Then CXF will not throw a SecurityException when Spring tries to start up a jaxws endpoint. It seems to work, I’m blogging this because it is clear others have had the same problem, maybe they can find a solution here.