You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Lukas Kolisko (JIRA)" <ji...@apache.org> on 2009/12/08 16:38:18 UTC
[jira] Commented: (FELIX-1827) Check permission before getting or
registering services
[ https://issues.apache.org/jira/browse/FELIX-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12787504#action_12787504 ]
Lukas Kolisko commented on FELIX-1827:
--------------------------------------
If a service component does not provide any service and system security manager is set , then
AbstractComponentManager.java@537
final String[] services = getComponentMetadata().getServiceMetadata().getProvides(); fails with NPE because ServiceMetadata is null.
Possible patch:
Index: src/main/java/org/apache/felix/scr/impl/manager/AbstractComponentManager.java
===================================================================
--- src/main/java/org/apache/felix/scr/impl/manager/AbstractComponentManager.java (revision 888421)
+++ src/main/java/org/apache/felix/scr/impl/manager/AbstractComponentManager.java (working copy)
@@ -33,6 +33,7 @@
import org.apache.felix.scr.impl.ComponentActivatorTask;
import org.apache.felix.scr.impl.metadata.ComponentMetadata;
import org.apache.felix.scr.impl.metadata.ReferenceMetadata;
+import org.apache.felix.scr.impl.metadata.ServiceMetadata;
import org.osgi.framework.Bundle;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServicePermission;
@@ -534,18 +535,22 @@
boolean allowed = true;
if ( System.getSecurityManager() != null )
{
- final String[] services = getComponentMetadata().getServiceMetadata().getProvides();
- if ( services != null && services.length > 0 )
+ final ServiceMetadata metadata = getComponentMetadata().getServiceMetadata();
+ if ( metadata != null )
{
- final Bundle bundle = getBundle();
- for ( int i = 0; i < services.length; i++ )
+ final String[] services = metadata.getProvides();
+ if ( services != null && services.length > 0 )
{
- final Permission perm = new ServicePermission( services[i], ServicePermission.REGISTER );
- if ( !bundle.hasPermission( perm ) )
+ final Bundle bundle = getBundle();
+ for ( int i = 0; i < services.length; i++ )
{
- log( LogService.LOG_INFO, "Permission to register service {0} is denied", new Object[]
- { services[i] }, null );
- allowed = false;
+ final Permission perm = new ServicePermission( services[i], ServicePermission.REGISTER );
+ if ( !bundle.hasPermission( perm ) )
+ {
+ log( LogService.LOG_INFO, "Permission to register service {0} is denied", new Object[]
+ { services[i] }, null );
+ allowed = false;
+ }
}
}
}
> Check permission before getting or registering services
> -------------------------------------------------------
>
> Key: FELIX-1827
> URL: https://issues.apache.org/jira/browse/FELIX-1827
> Project: Felix
> Issue Type: Bug
> Components: Declarative Services (SCR), Specification compliance
> Affects Versions: scr-1.2.0
> Reporter: Felix Meschberger
> Fix For: scr-1.2.0
>
>
> The DS specification states in 112.9.3 that SCR has to call Bundle.hasPermission for the providing bundle when registering or getting services on behalf of the providing bundle:
> SCR does all publishing, finding and binding of services on behalf of the
> component using the Bundle Context of the component's bundle. This
> means that normal stack-based permission checks will check SCR and not
> the component's bundle. Since SCR is registering and getting services on
> behalf of a component's bundle, SCR must call the Bundle.hasPermission
> method to validate that a component's bundle has the necessary permission
> to register or get a service.
> This is not currently implemented.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.