[ https://issues.apache.org/jira/browse/FELIX-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gerrit van Brakel closed FELIX-1363. ------------------------------------ Resolution: Fixed Fix Version/s: felix-2.0.0 Issue has been fixed by introduction of ThreadLocal recurse in AdminPermission, and it's use in AdminPermission.getProperties() > Stack overflow on Java 2 Security evaluation of getLocation() in WebSphere > --------------------------------------------------------------------------- > > Key: FELIX-1363 > URL: https://issues.apache.org/jira/browse/FELIX-1363 > Project: Felix > Issue Type: Bug > Components: Framework > Affects Versions: felix-1.2.1 , felix-1.4.1, felix-1.8.0, felix-1.8.1 > Environment: WebSphere 6.1 with Java 2 Security enabled > Reporter: Gerrit van Brakel > Fix For: felix-2.0.0 > > > When the Felix framework is used in an application in WebSphere, the Java 2 > Security permission evaluation of Felix.getLocation() causes a Stack Overflow. > > The Stack Overflow is caused by an incompatiblity between classes of the > Felix framework and the framework classes present in WebSphere. > > When the permissions for Felix.getLocation() are evaluated, an > AdminPermission object is created and evaluated. The AdminPermission > permission object created is not the one supplied by the Felix framework, but > one found higher on the classpath: the WebSphere/eclipse version of the > AdminPermission class. This version of the class is incompatible with Felix, > as it uses getLocation() in its evaluation. > ways to work around or solve this problem: > 1) disable Java 2 Security (not acceptable by company policy) > 2) grant a global AllPermissions (not acceptable by company policy): by > specifying global AllPermissions, the evaluation of permissions seems to be > avoided > 3) modify the Felix Framework in such a way that no permissions are > set/evaluated for getLocation() > 4) modify the Websphere / eclipse version of AdminPermission in such a way > that no getLocation() is used in its evaluation > A test for option 3 has been performed on Felix 1.2.1. If the permission test > is removed from BundleImpl.getLocation() and Felix.getLocation(), the stack > overflow does not appear. Of course the permission test is lost in the > process. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.