You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Richard S. Hall (JIRA)" <ji...@apache.org> on 2009/06/30 20:24:47 UTC

[jira] Updated: (FELIX-1286) Module class loader should use secure action instead of a privileged block

     [ https://issues.apache.org/jira/browse/FELIX-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard S. Hall updated FELIX-1286:
-----------------------------------

          Description: Due to some refactoring, the module class loader was no longer being created in a privileged block, which was causing difficulties when running Felix with the security manager enabled. The refactoring made our existing SecureAction approach for performing secure actions in feasible (because the class loader became an instance inner class and cannot be created externally anymore). For Felix 1.8.1, we just simply wrapped it in a doPrivileged() block, but we should change this to use SecureAction operations like getting the constructor and invoking it. This may require we add some operations to SecureAction or reorganize the existing ones.  (was: Due to some refactoring, the module class loader is no longer being created in a privileged block. Since creating a secure class loader is a protected operation, this is causing difficulties when running Felix with the security manager enabled. The refactoring made our existing SecureAction approach for performing secure actions in feasible (because the class loader became an instance inner class and cannot be created externally anymore). We need to think of a new way to do this, but at a minimum we should just put a doPriv() block right in the ModuleImpl class.)
    Affects Version/s:     (was: felix-1.6.1)
                           (was: felix-1.8.0)
                           (was: felix-1.6.0)
                       felix-1.8.1
        Fix Version/s:     (was: felix-1.8.1)
                       felix-2.0.0

> Module class loader should use secure action instead of a privileged block
> --------------------------------------------------------------------------
>
>                 Key: FELIX-1286
>                 URL: https://issues.apache.org/jira/browse/FELIX-1286
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: felix-1.8.1
>            Reporter: Richard S. Hall
>            Assignee: Richard S. Hall
>             Fix For: felix-2.0.0
>
>
> Due to some refactoring, the module class loader was no longer being created in a privileged block, which was causing difficulties when running Felix with the security manager enabled. The refactoring made our existing SecureAction approach for performing secure actions in feasible (because the class loader became an instance inner class and cannot be created externally anymore). For Felix 1.8.1, we just simply wrapped it in a doPrivileged() block, but we should change this to use SecureAction operations like getting the constructor and invoking it. This may require we add some operations to SecureAction or reorganize the existing ones.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.