[ https://issues.apache.org/jira/browse/FELIX-5978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16680417#comment-16680417 ]
Karl Pauls commented on FELIX-5978: ----------------------------------- I applied the patch provided by [~timothyjward] - thanks a lot! > Felix framework unable to retrieve custom URL handlers when security is on > -------------------------------------------------------------------------- > > Key: FELIX-5978 > URL: https://issues.apache.org/jira/browse/FELIX-5978 > Project: Felix > Issue Type: Bug > Affects Versions: framework-6.0.0, framework-6.0.1 > Reporter: Timothy Ward > Assignee: Karl Pauls > Priority: Critical > Fix For: framework-6.0.2 > > > When running with multiple frameworks in the same VM, custom URL Handlers, > and OSGi security on there are a couple of problems: > > Firstly, this security exception results in the custom URL handler being > ignored. The framework should really be using a doPriv here. > {code:java} > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" "getClassLoader") > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > at java.security.AccessController.checkPermission(AccessController.java:884) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528) > at java.lang.Class.getClassLoader(Class.java:683) > at > org.apache.felix.framework.URLHandlers.getFrameworkFromContext(URLHandlers.java:690) > at > org.apache.felix.framework.URLHandlersStreamHandlerProxy.getStreamHandlerService(URLHandlersStreamHandlerProxy.java:574) > at > org.apache.felix.framework.URLHandlersStreamHandlerProxy.toExternalForm(URLHandlersStreamHandlerProxy.java:474) > at java.net.URL.toExternalForm(URL.java:929) > at java.net.URL.toString(URL.java:915) > at java.lang.ClassLoader.defineClassSourceLocation(ClassLoader.java:678) > at java.lang.ClassLoader.defineClass(ClassLoader.java:762) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClass(BundleWiringImpl.java:2344) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClassParallel(BundleWiringImpl.java:2162) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.findClass(BundleWiringImpl.java:2096) > at > org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1565) > at > org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79) > at > org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982) > at java.lang.ClassLoader.loadClass(ClassLoader.java:357) > at > org.apache.felix.cm.impl.ConfigurationManager.configure(ConfigurationManager.java:758) > {code} > Secondly, the wrong framework is returned some of the time due to the logic > of URLHandlers.getFrameworkContext() - in this method it assumes that there > will be a bundle class loader on the stack, which is not true when the > launcher is starting a bundle (the framework reflectively loads the Activator > type which requires a URL check to set the security domain). -- This message was sent by Atlassian JIRA (v7.6.3#76005)