[ https://issues.apache.org/jira/browse/FELIX-5385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Guillaume Nodet updated FELIX-5385: ----------------------------------- Fix Version/s: configadmin-1.9.0 > ConfigAdmin uses wrong security when calling ManagedServices > ------------------------------------------------------------ > > Key: FELIX-5385 > URL: https://issues.apache.org/jira/browse/FELIX-5385 > Project: Felix > Issue Type: Bug > Affects Versions: configadmin-1.8.0 > Reporter: Guillaume Nodet > Fix For: configadmin-1.9.0 > > > When a ManagedService (which bundles has all permissions) is called, we end > up with the following exception. > The reason is that all code protection domain need to have the permission to > actually grant the permission, and ConfigAdmin has very restricted > permissions. A DomainCombiner should be used to only apply the bundle's > permission to the call. > {code} > 10:43:43.543 [CM Configuration Updater (ManagedService Update: > pid=[org.ops4j.pax.logging])] ERROR org.apache.felix.configadmin - > [org.osgi.service.log.LogService, org.knopflerfish.service.log.LogService, > org.ops4j.pax.logging.PaxLoggingService, org.osgi.service.cm.ManagedService, > id=12, bundle=5/mvn:org.ops4j.pax.logging/pax-logging-log4j2/1.9.1-SNAPSHOT]: > Unexpected problem updating configuration org.ops4j.pax.logging > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" "getClassLoader") > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > [?:?] > at > java.security.AccessController.checkPermission(AccessController.java:884) > [?:?] > at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > [?:?] > at > java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528) [?:?] > at java.lang.Thread.getContextClassLoader(Thread.java:1436) [?:?] > at > org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl.updated(PaxLoggingServiceImpl.java:150) > [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT] > at > org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl$1ManagedPaxLoggingService.updated(PaxLoggingServiceImpl.java:408) > [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT] > at > org.apache.felix.cm.impl.helper.ManagedServiceTracker$1.run(ManagedServiceTracker.java:177) > [6:org.apache.felix.configadmin:1.8.8] > at java.security.AccessController.doPrivileged(Native Method) ~[?:?] > at > org.apache.felix.cm.impl.helper.ManagedServiceTracker.updated(ManagedServiceTracker.java:173) > [6:org.apache.felix.configadmin:1.8.8] > at > org.apache.felix.cm.impl.helper.ManagedServiceTracker.updateService(ManagedServiceTracker.java:152) > [6:org.apache.felix.configadmin:1.8.8] > at > org.apache.felix.cm.impl.helper.ManagedServiceTracker.provideConfiguration(ManagedServiceTracker.java:85) > [6:org.apache.felix.configadmin:1.8.8] > at > org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.provide(ConfigurationManager.java:1444) > [6:org.apache.felix.configadmin:1.8.8] > at > org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.run(ConfigurationManager.java:1400) > [6:org.apache.felix.configadmin:1.8.8] > at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:131) > [6:org.apache.felix.configadmin:1.8.8] > at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:128) > [6:org.apache.felix.configadmin:1.8.8] > at java.security.AccessController.doPrivileged(Native Method) ~[?:?] > at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:127) > [6:org.apache.felix.configadmin:1.8.8] > at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:110) > [6:org.apache.felix.configadmin:1.8.8] > at java.lang.Thread.run(Thread.java:745) [?:?] > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)