[jira] Commented: (FELIX-1101) framework.security can't be built or run against Felix 1.6

Wed, 25 Nov 2009 10:21:10 -0800 

    [ 
https://issues.apache.org/jira/browse/FELIX-1101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12782541#action_12782541
 ] 

Ulf Dittmer commented on FELIX-1101:
------------------------------------

A quick test indicates that it works as advertised. One change I observe from 
previous versions is that bundles loaded while PA/CPA is active now require a 
java.lang.RuntimePermission for "getClassLoader" - that wasn't the case before. 
It's possible that that's OK as per the spec, but it seemed like an odd -and 
rather dangerous- permission to have to grant to random bundles, and since it 
was't needed before I thought I'd mention it. I'm attaching the stack trace I 
get if the permission is not granted; "plugin1.PlusOne" is the bundle class 
implementing BundleActivator, and "host.Main" is the application class that 
tries to load the bundle.

     [java] java.security.AccessControlException: access denied 
(java.lang.RuntimePermission getClassLoader)
     [java]     at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
     [java]     at 
java.security.AccessController.checkPermission(AccessController.java:427)
     [java]     at 
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
     [java]     at java.lang.Class.getClassLoader(Class.java:588)
     [java]     at 
org.apache.felix.framework.util.Util.loadClassUsingClass(Util.java:168)
     [java]     at 
org.apache.felix.framework.Felix.registerService(Felix.java:2696)
     [java]     at 
org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:252)
     [java]     at 
org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:230)
     [java]     at plugin1.PlusOne.start(PlusOne.java:24)
     [java]     at 
org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1262)
     [java]     at java.security.AccessController.doPrivileged(Native Method)
     [java]     at 
org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:631)
     [java]     at 
org.apache.felix.framework.Felix.activateBundle(Felix.java:1700)
     [java]     at org.apache.felix.framework.Felix.startBundle(Felix.java:1622)
     [java]     at 
org.apache.felix.framework.BundleImpl.start(BundleImpl.java:915)
     [java]     at 
org.apache.felix.framework.BundleImpl.start(BundleImpl.java:902)
     [java]     at host.Main.fileNew(Main.java:98)


> framework.security can't be built or run against Felix 1.6
> ----------------------------------------------------------
>
>                 Key: FELIX-1101
>                 URL: https://issues.apache.org/jira/browse/FELIX-1101
>             Project: Felix
>          Issue Type: Bug
>          Components: Conditional Permission Admin, Permission Admin
>    Affects Versions: felix-1.6.0
>            Reporter: Ulf Dittmer
>            Assignee: Karl Pauls
>         Attachments: framework-security.zip, security.diff
>
>
> The org.apache.felix.framework.SecurityActivator and 
> org.apache.felix.framework.SecurityProviderImpl classes have a dependency on 
> the org.apache.felix.framework.FelixBundle class, which seems to have been 
> removed since Felix 1.4 (which, BTW, works fine with the PermissionAdmin 
> service).
> Most -but not all- of the required methods seem to be available in 
> org.apache.felix.framework.BundleImpl now. Further changes involve using 
> IModule instead of IContentLoader.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to