[ https://issues.apache.org/jira/browse/FELIX-5204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15175719#comment-15175719 ]
Guillaume Nodet commented on FELIX-5204:
----------------------------------------
We use the Mina SSHD server in Karaf.
The problem happens when we restart the framework without restarting the JVM.

The reason is that the javax.crypto package has some internal cache about
Cipher providers. The providers are cached by the protection domain source
code url.
See
http://hg.openjdk.java.net/jdk7/jdk7/jdk/file/9b8c96f96a0f/src/share/classes/javax/crypto/JceSecurityManager.java#l79

Here's what happens:
* the JVM starts, the OSGi framework starts, the SSH bundle is installed with
a {{mvn:org.apache.sshd/sshd-core/1.0.0}} url (the url handler is an OSGi url
handler, so provided by a pax-url bundle)
* when the SSH server starts, the JceSecurityManager caches the Cipher
provider with this url
* the framework is restarted
* when the SSH server starts again, the JceSecurityManager calls {{get}} on
the cache indexed by the URL, but the URL in the cache is no longer valid and
the {{URLHandlersStreamHandlerProxy.equals}} throws the exception indicated

This obviously only happens when the bundle is installed with a
{{mvn:org.apache.sshd/sshd-core/1.0.0}} and not a
{{file:system/org/apache/sshd/sshd-core/1.0.0/sshd-core-1.0.0.jar}} url.

I think it's a bad idea that the BundleProtectionDomain uses a URL which may
not be valid after the framework is shutdown. My initial thinking was to use
the jar bundle revision path instead, something like
{{file:data/cache/bundle32/11.0/bundle.jar}}.
It seems that's the way Equinox works fwiw.

Especially, if the bundle is updated, I think the 2 code sources should be
different, and using the original location used to install / update the url
does not bring this guarantee. Using the bundle revision instead seems cleaner
to me.

> IllegalStateException when using custom URL handlers for bundles
> ----------------------------------------------------------------
>
> Key: FELIX-5204
> URL: https://issues.apache.org/jira/browse/FELIX-5204
> Project: Felix
> Issue Type: Bug
> Components: Framework
> Affects Versions: framework-5.4.0
> Reporter: Guillaume Nodet
> Assignee: Guillaume Nodet
> Fix For: framework-5.6.0
>
>
> The following exception can happen after having restarted the whole framework.
> {code}
> java.lang.IllegalStateException: Stream handler unavailable.
> at org.apache.felix.framework.URLHandlersStreamHandlerProxy.getDefaultPort(URLHandlersStreamHandlerProxy.java:180)
> at java.net.URLStreamHandler.sameFile(URLStreamHandler.java:407)
> at org.osgi.service.url.AbstractURLStreamHandlerService.sameFile(AbstractURLStreamHandlerService.java:131)
> at java.net.URLStreamHandler.equals(URLStreamHandler.java:333)
> at org.osgi.service.url.AbstractURLStreamHandlerService.equals(AbstractURLStreamHandlerService.java:81)
> at org.apache.felix.framework.URLHandlersStreamHandlerProxy.equals(URLHandlersStreamHandlerProxy.java:163)
> at java.net.URL.equals(URL.java:870)
> at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:940)
> at javax.crypto.JceSecurityManager.getCryptoPermission(JceSecurityManager.java:124)
> at javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2587)
> at javax.crypto.Cipher.initCryptoPermission(Cipher.java:700)
> at javax.crypto.Cipher.chooseProvider(Cipher.java:863)
> at javax.crypto.Cipher.init(Cipher.java:1396)
> at javax.crypto.Cipher.init(Cipher.java:1327)
> at org.apache.sshd.common.cipher.BaseCipher.init(BaseCipher.java:60)
> at org.apache.karaf.shell.ssh.SshUtils.buildCiphers(SshUtils.java:89)
> at org.apache.karaf.shell.ssh.Activator.createSshServer(Activator.java:183)
> at org.apache.karaf.shell.ssh.Activator.doStart(Activator.java:111)
> at org.apache.karaf.util.tracker.BaseActivator.run(BaseActivator.java:233)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> The problem seems to be that the ProtectionDomain of the classes loaded from
> bundles do use the URL handler as their code source. This means that any
> access to those URLs will throw IllegalStateException after the framework has
> been shutdown.
> The protection domain should use the url of the jar from the filesystem for the
> code source url instead.
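
The failure mode described in the comment above, as an added Java example that is not part of the original message and is not code from Felix, Karaf or the JDK: a JVM-wide map keyed by URL still answers for a {{file:}} key after the framework stops, but throws for an {{mvn:}} key whose handler is gone. {{StaleUrlKeyDemo}}, {{FrameworkHandler}}, {{lookup}} and the cached string values are hypothetical; the two locations are the ones quoted in the message.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLStreamHandler;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class StaleUrlKeyDemo {
    // Hypothetical stand-in for a stream handler backed by a framework service.
    static class FrameworkHandler extends URLStreamHandler {
        volatile boolean available = true;
        @Override protected int getDefaultPort() {
            if (!available) throw new IllegalStateException("Stream handler unavailable.");
            return -1;
        }
        @Override protected URLConnection openConnection(URL u) throws IOException {
            throw new IOException("not needed for this demo");
        }
    }

    // Looks a code source URL up in a long-lived cache keyed by URL.
    // URL.equals delegates to the URL's handler, so the lookup can throw.
    static String lookup(Map<URL, String> cache, URL codeSource) {
        try {
            return cache.get(codeSource);
        } catch (IllegalStateException e) {
            return "lookup failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        FrameworkHandler handler = new FrameworkHandler();
        String mvn = "mvn:org.apache.sshd/sshd-core/1.0.0";
        String file = "file:data/cache/bundle32/11.0/bundle.jar";
        Map<URL, String> cache = new ConcurrentHashMap<>(); // outlives the framework

        // First start: entries cached under both kinds of location (constructed values).
        cache.put(new URL(null, mvn, handler), "entry-for-mvn-location");
        cache.put(new URL(file), "entry-for-file-location");

        // A distinct URL object for the same location, hashed while the handler works
        // (URL caches its hash code, so only equals() is called later).
        URL mvnAgain = new URL(null, mvn, handler);
        mvnAgain.hashCode();

        handler.available = false; // framework shut down, JVM and cache still alive

        System.out.println(lookup(cache, mvnAgain));      // handler-backed key
        System.out.println(lookup(cache, new URL(file))); // JDK-handled key
    }
}
```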