Timothy Ward created FELIX-5978: ----------------------------------- Summary: Felix framework unable to retrieve custom URL handlers when security is on Key: FELIX-5978 URL: https://issues.apache.org/jira/browse/FELIX-5978 Project: Felix Issue Type: Bug Affects Versions: framework-6.0.1, framework-6.0.0 Reporter: Timothy Ward Fix For: framework-6.0.2
When running with multiple frameworks in the same VM, custom URL Handlers, and OSGi security on there are a couple of problems: Firstly, this security exception results in the custom URL handler being ignored. The framework should really be using a doPriv here. {code:java} java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528) at java.lang.Class.getClassLoader(Class.java:683) at org.apache.felix.framework.URLHandlers.getFrameworkFromContext(URLHandlers.java:690) at org.apache.felix.framework.URLHandlersStreamHandlerProxy.getStreamHandlerService(URLHandlersStreamHandlerProxy.java:574) at org.apache.felix.framework.URLHandlersStreamHandlerProxy.toExternalForm(URLHandlersStreamHandlerProxy.java:474) at java.net.URL.toExternalForm(URL.java:929) at java.net.URL.toString(URL.java:915) at java.lang.ClassLoader.defineClassSourceLocation(ClassLoader.java:678) at java.lang.ClassLoader.defineClass(ClassLoader.java:762) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClass(BundleWiringImpl.java:2344) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClassParallel(BundleWiringImpl.java:2162) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.findClass(BundleWiringImpl.java:2096) at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1565) at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79) at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) at org.apache.felix.cm.impl.ConfigurationManager.configure(ConfigurationManager.java:758) {code} Secondly, the wrong framework is returned some of the time due to the logic of URLHandlers.getFrameworkContext() - in this method it assumes that there will be a bundle class loader on the stack, which is not true when the launcher is starting a bundle (the framework reflectively loads the Activator type which requires a URL check to set the security domain). -- This message was sent by Atlassian JIRA (v7.6.3#76005)