You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@felix.apache.org by Roland <ro...@gmx.de> on 2013/10/22 15:04:48 UTC
Access denied in spite of permissions
Hello Felix experts,
today I ran into a access-denied-issue.
access denied (org.osgi.framework.ServicePermission
my.package.serviceinterface register)
I added the permission to the permissions.perm of the bundle. Unfortunately
that did not solve the problem.
I wonder why the access is denied even though the permission is explicitly
granted? Please could someone explain why this can happen.
Thanks and regards!
Roland
--
View this message in context: http://apache-felix.18485.x6.nabble.com/Access-denied-in-spite-of-permissions-tp5005687.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
Re: Access denied in spite of permissions
Posted by Roland <ro...@gmx.de>.
Hi,
now I know whats going on.
I calling findEntries() at some point of time and a access denied exception
is thrown (org.osgi.framework.AdminPermission (id=3) resolve,resource). But
this error massage is covered for some reasons by the second msg. access
denied (org.osgi.framework.ServicePermission my.package.serviceinterface
register) which is wrong at this point.
Thanks and Regards.
Roland
--
View this message in context: http://apache-felix.18485.x6.nabble.com/Access-denied-in-spite-of-permissions-tp5005687p5005750.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
Re: Access denied in spite of permissions
Posted by Karl Pauls <ka...@gmail.com>.
You probably have to doPriv around the service registration as cm is on the
stack and probably doesn't have the permission itself. Its either that, or
you assign the permission (or all permission) to the cm bundle.
regards,
Karl
On Thu, Oct 24, 2013 at 10:20 AM, Roland <ro...@gmx.de> wrote:
> My permissions:
>
> (org.osgi.framework.ConfigurationPermission * "target")
> (org.osgi.framework.AdminPermission * "metadata")
> (org.osgi.framework.ServicePermission
> "org.osgi.service.cm.ConfigurationAdmin" "get")
> (org.osgi.framework.ConfigurationPermission * "configure")
> (org.osgi.framework.PackagePermission "org.osgi.service.cm" "import")
> (org.osgi.framework.ServicePermission
> "org.osgi.service.cm.ManagedServiceFactory" "register")
> (org.osgi.framework.ServicePermission "my.package.ServiceInterface"
> register)
> (org.osgi.framework.ServicePermission "my.package.MyServiceFactory"
> register)
>
> Did I forget something?
>
> Thanks and Regards
> Roland
>
>
>
> --
> View this message in context:
> http://apache-felix.18485.x6.nabble.com/Access-denied-in-spite-of-permissions-tp5005687p5005720.html
> Sent from the Apache Felix - Users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>
>
--
Karl Pauls
karlpauls@gmail.com
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls
Re: Access denied in spite of permissions
Posted by Roland <ro...@gmx.de>.
My permissions:
(org.osgi.framework.ConfigurationPermission * "target")
(org.osgi.framework.AdminPermission * "metadata")
(org.osgi.framework.ServicePermission
"org.osgi.service.cm.ConfigurationAdmin" "get")
(org.osgi.framework.ConfigurationPermission * "configure")
(org.osgi.framework.PackagePermission "org.osgi.service.cm" "import")
(org.osgi.framework.ServicePermission
"org.osgi.service.cm.ManagedServiceFactory" "register")
(org.osgi.framework.ServicePermission "my.package.ServiceInterface"
register)
(org.osgi.framework.ServicePermission "my.package.MyServiceFactory"
register)
Did I forget something?
Thanks and Regards
Roland
--
View this message in context: http://apache-felix.18485.x6.nabble.com/Access-denied-in-spite-of-permissions-tp5005687p5005720.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
Re: Access denied in spite of permissions
Posted by Roland <ro...@gmx.de>.
ERROR org.apache.felix.configadmin - (1382601621864)
[org.osgi.service.cm.ManagedServiceFactory, my.package.MyServiceFactory,
id=27, bundle=3/file:/path/mybundle/1.0.0.0/mybundle-1.0.0.0.jar]:
Unexpected problem updating configuration
my.package.MyServiceFactory.38be1d63-77fe-4110-9a9f-7af536af9a65
java.security.AccessControlException: access denied
(org.osgi.framework.ServicePermission my.package.ServiceInterface register)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at
java.security.AccessController.checkPermission(AccessController.java:549)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at
org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:340)
at
org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:320)
at
my.package.serviceinterface.MyServiceFactory.updated(MyServiceFactory.java:123)
at
org.apache.felix.cm.impl.helper.ManagedServiceFactoryTracker.provideConfiguration(ManagedServiceFactoryTracker.java:88)
at
org.apache.felix.cm.impl.ConfigurationManager$UpdateConfiguration.run(ConfigurationManager.java:1744)
at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:103)
at java.lang.Thread.run(Thread.java:662)
--
View this message in context: http://apache-felix.18485.x6.nabble.com/Access-denied-in-spite-of-permissions-tp5005687p5005719.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
Re: Access denied in spite of permissions
Posted by Roland <ro...@gmx.de>.
I tried "AllPermission" without success.
--
View this message in context: http://apache-felix.18485.x6.nabble.com/Access-denied-in-spite-of-permissions-tp5005687p5005718.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
Re: Access denied in spite of permissions
Posted by Karl Pauls <ka...@gmail.com>.
Well, you need to give the bundles all permission then no?
I guess if you want me to take a look you have to either share what you
have or give me more informations so that i can understand what you do...
regards,
Karl
On Tue, Oct 22, 2013 at 4:19 PM, Roland <ro...@gmx.de> wrote:
> Hello Karl,
> thanks for supporting me!
> I do not use the permission admin. I add carefully selected permissions to
> the permissions.perm file for each bundle. The permissions.perm file is
> located in the OSGI-INF directory of the bundle. For most bundles this
> works
> fine.
>
> Maybe there are some unknown side effects that prevent granting this single
> permission.
>
> Regards
> Roland
>
>
>
> --
> View this message in context:
> http://apache-felix.18485.x6.nabble.com/Access-denied-in-spite-of-permissions-tp5005687p5005690.html
> Sent from the Apache Felix - Users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>
>
--
Karl Pauls
karlpauls@gmail.com
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls
Re: Access denied in spite of permissions
Posted by Roland <ro...@gmx.de>.
Hello Karl,
thanks for supporting me!
I do not use the permission admin. I add carefully selected permissions to
the permissions.perm file for each bundle. The permissions.perm file is
located in the OSGI-INF directory of the bundle. For most bundles this works
fine.
Maybe there are some unknown side effects that prevent granting this single
permission.
Regards
Roland
--
View this message in context: http://apache-felix.18485.x6.nabble.com/Access-denied-in-spite-of-permissions-tp5005687p5005690.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
Re: Access denied in spite of permissions
Posted by Karl Pauls <ka...@gmail.com>.
Did you give the bundle the permission or all permission via the
conditional permission admin?
regards,
Karl
On Tue, Oct 22, 2013 at 3:04 PM, Roland <ro...@gmx.de> wrote:
> Hello Felix experts,
> today I ran into a access-denied-issue.
> access denied (org.osgi.framework.ServicePermission
> my.package.serviceinterface register)
> I added the permission to the permissions.perm of the bundle. Unfortunately
> that did not solve the problem.
>
> I wonder why the access is denied even though the permission is explicitly
> granted? Please could someone explain why this can happen.
>
> Thanks and regards!
> Roland
>
>
>
> --
> View this message in context:
> http://apache-felix.18485.x6.nabble.com/Access-denied-in-spite-of-permissions-tp5005687.html
> Sent from the Apache Felix - Users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>
>
--
Karl Pauls
karlpauls@gmail.com
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls