[
https://issues.apache.org/jira/browse/FELIX-5385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Guillaume Nodet updated FELIX-5385:
-----------------------------------
Fix Version/s: configadmin-1.9.0
> ConfigAdmin uses wrong security when calling ManagedServices
> ------------------------------------------------------------
>
> Key: FELIX-5385
> URL: https://issues.apache.org/jira/browse/FELIX-5385
> Project: Felix
> Issue Type: Bug
> Affects Versions: configadmin-1.8.0
> Reporter: Guillaume Nodet
> Fix For: configadmin-1.9.0
>
>
> When a ManagedService (which bundles has all permissions) is called, we end
> up with the following exception.
> The reason is that all code protection domain need to have the permission to
> actually grant the permission, and ConfigAdmin has very restricted
> permissions. A DomainCombiner should be used to only apply the bundle's
> permission to the call.
> {code}
> 10:43:43.543 [CM Configuration Updater (ManagedService Update:
> pid=[org.ops4j.pax.logging])] ERROR org.apache.felix.configadmin -
> [org.osgi.service.log.LogService, org.knopflerfish.service.log.LogService,
> org.ops4j.pax.logging.PaxLoggingService, org.osgi.service.cm.ManagedService,
> id=12, bundle=5/mvn:org.ops4j.pax.logging/pax-logging-log4j2/1.9.1-SNAPSHOT]:
> Unexpected problem updating configuration org.ops4j.pax.logging
> java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission" "getClassLoader")
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> [?:?]
> at
> java.security.AccessController.checkPermission(AccessController.java:884)
> [?:?]
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> [?:?]
> at
> java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528) [?:?]
> at java.lang.Thread.getContextClassLoader(Thread.java:1436) [?:?]
> at
> org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl.updated(PaxLoggingServiceImpl.java:150)
> [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
> at
> org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl$1ManagedPaxLoggingService.updated(PaxLoggingServiceImpl.java:408)
> [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
> at
> org.apache.felix.cm.impl.helper.ManagedServiceTracker$1.run(ManagedServiceTracker.java:177)
> [6:org.apache.felix.configadmin:1.8.8]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at
> org.apache.felix.cm.impl.helper.ManagedServiceTracker.updated(ManagedServiceTracker.java:173)
> [6:org.apache.felix.configadmin:1.8.8]
> at
> org.apache.felix.cm.impl.helper.ManagedServiceTracker.updateService(ManagedServiceTracker.java:152)
> [6:org.apache.felix.configadmin:1.8.8]
> at
> org.apache.felix.cm.impl.helper.ManagedServiceTracker.provideConfiguration(ManagedServiceTracker.java:85)
> [6:org.apache.felix.configadmin:1.8.8]
> at
> org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.provide(ConfigurationManager.java:1444)
> [6:org.apache.felix.configadmin:1.8.8]
> at
> org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.run(ConfigurationManager.java:1400)
> [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:131)
> [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:128)
> [6:org.apache.felix.configadmin:1.8.8]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:127)
> [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:110)
> [6:org.apache.felix.configadmin:1.8.8]
> at java.lang.Thread.run(Thread.java:745) [?:?]
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
