[ https://issues.apache.org/jira/browse/FELIX-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gerrit van Brakel closed FELIX-1363.
------------------------------------
Resolution: Fixed
Fix Version/s: felix-2.0.0
Issue has been fixed by introduction of ThreadLocal recurse in AdminPermission,
and its use in AdminPermission.getProperties()
> Stack overflow on Java 2 Security evaluation of getLocation() in WebSphere
> ---------------------------------------------------------------------------
>
> Key: FELIX-1363
> URL: https://issues.apache.org/jira/browse/FELIX-1363
> Project: Felix
> Issue Type: Bug
> Components: Framework
> Affects Versions: felix-1.2.1, felix-1.4.1, felix-1.8.0, felix-1.8.1
> Environment: WebSphere 6.1 with Java 2 Security enabled
> Reporter: Gerrit van Brakel
> Fix For: felix-2.0.0
>
>
> When the Felix framework is used in an application in WebSphere, the Java 2
> Security permission evaluation of Felix.getLocation() causes a Stack Overflow.
>
> The Stack Overflow is caused by an incompatibility between classes of the
> Felix framework and the framework classes present in WebSphere.
>
> When the permissions for Felix.getLocation() are evaluated, an
> AdminPermission object is created and evaluated. The AdminPermission
> permission object created is not the one supplied by the Felix framework, but
> one found higher on the classpath: the WebSphere/eclipse version of the
> AdminPermission class. This version of the class is incompatible with Felix,
> as it uses getLocation() in its evaluation.
> Ways to work around or solve this problem:
> 1) disable Java 2 Security (not acceptable by company policy)
> 2) grant a global AllPermissions (not acceptable by company policy): by
> specifying global AllPermissions, the evaluation of permissions seems to be
> avoided
> 3) modify the Felix Framework in such a way that no permissions are
> set/evaluated for getLocation()
> 4) modify the WebSphere / Eclipse version of AdminPermission in such a way
> that no getLocation() is used in its evaluation
> A test for option 3 has been performed on Felix 1.2.1. If the permission test
> is removed from BundleImpl.getLocation() and Felix.getLocation(), the stack
> overflow does not appear. Of course the permission test is lost in the
> process.
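The closing comment describes a per-thread recursion flag that stops permission evaluation from re-entering itself through getLocation(). The sketch below shows that pattern as an added illustration; it is not the Felix source, and the classes `Bundle` and `GuardedPermission`, the field `RECURSE`, the counter and the sample location are all hypothetical or constructed.

```java
import java.util.HashMap;
import java.util.Map;
// Added illustration; every class, field and value here is hypothetical, not Felix code.
public class RecursionGuardDemo {
    // Stand-in for a bundle whose getLocation() is protected by a permission check.
    static class Bundle {
        private final String location;
        Bundle(String location) { this.location = location; }
        String getLocation() {
            // The accessor itself triggers a permission evaluation.
            new GuardedPermission(this).check();
            return location;
        }
    }

    // Stand-in for a permission that reads bundle properties while being evaluated.
    static class GuardedPermission {
        // Per-thread flag: true while this thread is already collecting properties.
        private static final ThreadLocal<Boolean> RECURSE =
                ThreadLocal.withInitial(() -> Boolean.FALSE);
        static int evaluations = 0; // demo counter, single-threaded use only
        private final Bundle bundle;
        GuardedPermission(Bundle bundle) { this.bundle = bundle; }
        Map<String, String> getProperties() {
            Map<String, String> props = new HashMap<>();
            if (RECURSE.get()) {
                return props; // re-entered on this thread: break the cycle
            }
            RECURSE.set(Boolean.TRUE);
            try {
                // Without the guard this call re-enters check() -> getProperties() until the stack overflows.
                props.put("location", bundle.getLocation());
            } finally {
                RECURSE.set(Boolean.FALSE); // always reset, even if the call throws
            }
            return props;
        }

        void check() {
            evaluations++;
            getProperties();
        }
    }

    public static void main(String[] args) {
        Bundle b = new Bundle("file:/constructed/sample-bundle.jar");
        System.out.println(b.getLocation() + " evaluations=" + GuardedPermission.evaluations);
    }
}
```

In this sketch the nested evaluation returns early instead of being enforced, so the guarded region is kept to the single call that can re-enter, and the flag is reset in `finally` so a thrown exception cannot leave checks disabled for the thread.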