You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Guillaume Nodet (JIRA)" <ji...@apache.org> on 2016/10/20 08:47:59 UTC
[jira] [Created] (FELIX-5385) ConfigAdmin uses wrong security when
calling ManagedServices
Guillaume Nodet created FELIX-5385:
--------------------------------------
Summary: ConfigAdmin uses wrong security when calling ManagedServices
Key: FELIX-5385
URL: https://issues.apache.org/jira/browse/FELIX-5385
Project: Felix
Issue Type: Bug
Reporter: Guillaume Nodet
When a ManagedService (which bundles has all permissions) is called, we end up with the following exception.
The reason is that all code protection domain need to have the permission to actually grant the permission, and ConfigAdmin has very restricted permissions. A DomainCombiner should be used to only apply the bundle's permission to the call.
{code}
10:43:43.543 [CM Configuration Updater (ManagedService Update: pid=[org.ops4j.pax.logging])] ERROR org.apache.felix.configadmin - [org.osgi.service.log.LogService, org.knopflerfish.service.log.LogService, org.ops4j.pax.logging.PaxLoggingService, org.osgi.service.cm.ManagedService, id=12, bundle=5/mvn:org.ops4j.pax.logging/pax-logging-log4j2/1.9.1-SNAPSHOT]: Unexpected problem updating configuration org.ops4j.pax.logging
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) [?:?]
at java.security.AccessController.checkPermission(AccessController.java:884) [?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [?:?]
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528) [?:?]
at java.lang.Thread.getContextClassLoader(Thread.java:1436) [?:?]
at org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl.updated(PaxLoggingServiceImpl.java:150) [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
at org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl$1ManagedPaxLoggingService.updated(PaxLoggingServiceImpl.java:408) [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
at org.apache.felix.cm.impl.helper.ManagedServiceTracker$1.run(ManagedServiceTracker.java:177) [6:org.apache.felix.configadmin:1.8.8]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updated(ManagedServiceTracker.java:173) [6:org.apache.felix.configadmin:1.8.8]
at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updateService(ManagedServiceTracker.java:152) [6:org.apache.felix.configadmin:1.8.8]
at org.apache.felix.cm.impl.helper.ManagedServiceTracker.provideConfiguration(ManagedServiceTracker.java:85) [6:org.apache.felix.configadmin:1.8.8]
at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.provide(ConfigurationManager.java:1444) [6:org.apache.felix.configadmin:1.8.8]
at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.run(ConfigurationManager.java:1400) [6:org.apache.felix.configadmin:1.8.8]
at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:131) [6:org.apache.felix.configadmin:1.8.8]
at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:128) [6:org.apache.felix.configadmin:1.8.8]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:127) [6:org.apache.felix.configadmin:1.8.8]
at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:110) [6:org.apache.felix.configadmin:1.8.8]
at java.lang.Thread.run(Thread.java:745) [?:?]
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)