You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@felix.apache.org by pa...@apache.org on 2008/08/06 17:59:20 UTC
svn commit: r683310 - in
/felix/trunk/framework/src/main/java/org/apache/felix/framework:
BundleProtectionDomain.java Felix.java
Author: pauls
Date: Wed Aug 6 08:59:20 2008
New Revision: 683310
URL: http://svn.apache.org/viewvc?rev=683310&view=rev
Log:
Subject.doAs is not considered by the spec and doesn't work well with the current approach we have inside the framework. This commit makes it work based on the current security policy installed. Furthermore, it is now possible (and needed) to assign permissions to bundles via the security policy (based on the bundle location - not certificates). In other words, as of now, correct permissions have to be assigned to the framework and bundles using the java security policy based on either the codesource or the subject, if subject.doAs is used. This is possible because bundles do have a codesource now and the bundle protection domain asks the installed policy for permissions in case no security provider is installed. (FELIX-654)
Modified:
felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java?rev=683310&r1=683309&r2=683310&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java (original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java Wed Aug 6 08:59:20 2008
@@ -18,17 +18,24 @@
*/
package org.apache.felix.framework;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.CodeSource;
import java.security.Permission;
import java.security.ProtectionDomain;
+import java.security.cert.Certificate;
public class BundleProtectionDomain extends ProtectionDomain
{
private final Felix m_felix;
private final FelixBundle m_bundle;
- public BundleProtectionDomain(Felix felix, FelixBundle bundle)
+ public BundleProtectionDomain(Felix felix, FelixBundle bundle)
+ throws MalformedURLException
{
- super(null, null);
+ super(new CodeSource(new URL(new URL(null, "location:",
+ new FakeURLStreamHandler()), felix.getBundleLocation(bundle),
+ new FakeURLStreamHandler()), (Certificate[]) null), null);
m_felix = felix;
m_bundle = bundle;
}
@@ -61,7 +68,7 @@
}
return m_bundle == ((BundleProtectionDomain) other).m_bundle;
}
-
+
public String toString()
{
return "[" + m_bundle + "]";
Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java?rev=683310&r1=683309&r2=683310&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java (original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java Wed Aug 6 08:59:20 2008
@@ -3402,6 +3402,10 @@
{
return m_securityProvider.hasBundlePermission(bundleProtectionDomain, permission, direct);
}
+ else if ((bundleProtectionDomain.getBundle() != this) && (System.getSecurityManager() != null))
+ {
+ return m_secureAction.getPolicy().implies(bundleProtectionDomain, permission);
+ }
return true;
}