You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@felix.apache.org by cz...@apache.org on 2018/08/16 08:39:42 UTC
svn commit: r1838162 - in /felix/trunk/configadmin: ./
src/main/java/org/apache/felix/cm/impl/helper/
src/test/java/org/apache/felix/cm/integration/
src/test/java/org/apache/felix/cm/integration/helper/ src/test/resources/
Author: cziegeler
Date: Thu Aug 16 08:39:41 2018
New Revision: 1838162
URL: http://svn.apache.org/viewvc?rev=1838162&view=rev
Log:
FELIX-5908 : NoClassDefFoundError for the CM Security Domain combiner. Apply patch from Tim Ward
Added:
felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigAdminSecurityTest.java (with props)
felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/ManagedServiceFactoryTestActivator3.java (with props)
felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/NestedURLStreamHandler.java (with props)
felix/trunk/configadmin/src/test/resources/
felix/trunk/configadmin/src/test/resources/all.policy
Modified:
felix/trunk/configadmin/changelog.txt
felix/trunk/configadmin/pom.xml
felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java
felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigurationTestBase.java
Modified: felix/trunk/configadmin/changelog.txt
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/changelog.txt?rev=1838162&r1=1838161&r2=1838162&view=diff
==============================================================================
--- felix/trunk/configadmin/changelog.txt (original)
+++ felix/trunk/configadmin/changelog.txt Thu Aug 16 08:39:41 2018
@@ -1,3 +1,9 @@
+Changes in 1.9.6
+----------------
+** Bug
+ * [FELIX-5908] : NoClassDefFoundError for the CM Security Domain combiner
+
+
Changes in 1.9.4
----------------
** Bug
Modified: felix/trunk/configadmin/pom.xml
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/pom.xml?rev=1838162&r1=1838161&r2=1838162&view=diff
==============================================================================
--- felix/trunk/configadmin/pom.xml (original)
+++ felix/trunk/configadmin/pom.xml Thu Aug 16 08:39:41 2018
@@ -133,6 +133,13 @@
<version>2.6.0</version>
<scope>test</scope>
</dependency>
+ <!-- The forked container is needed so that we can use Java security in the tests -->
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-container-forked</artifactId>
+ <version>2.6.0</version>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>org.ops4j.pax.exam</groupId>
<artifactId>pax-exam-link-mvn</artifactId>
@@ -169,6 +176,12 @@
<version>5.6.1</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.framework.security</artifactId>
+ <version>2.7.0-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
Modified: felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java?rev=1838162&r1=1838161&r2=1838162&view=diff
==============================================================================
--- felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java (original)
+++ felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java Thu Aug 16 08:39:41 2018
@@ -298,16 +298,19 @@ public abstract class BaseTracker<S> ext
}
private static class CMDomainCombiner implements DomainCombiner {
- private final Bundle bundle;
+ private final CMProtectionDomain domain;
CMDomainCombiner(Bundle bundle) {
- this.bundle = bundle;
+
+ // FELIX-5908 - Eagerly instantiate this class
+ // to avoid a potential NoClassDefFoundError
+ this.domain = new CMProtectionDomain(bundle);
}
@Override
public ProtectionDomain[] combine(ProtectionDomain[] arg0,
ProtectionDomain[] arg1) {
- return new ProtectionDomain[] { new CMProtectionDomain(bundle) };
+ return new ProtectionDomain[] { domain };
}
}
Added: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigAdminSecurityTest.java
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigAdminSecurityTest.java?rev=1838162&view=auto
==============================================================================
--- felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigAdminSecurityTest.java (added)
+++ felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigAdminSecurityTest.java Thu Aug 16 08:39:41 2018
@@ -0,0 +1,164 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.cm.integration;
+
+
+import static org.ops4j.pax.exam.CoreOptions.frameworkProperty;
+import static org.ops4j.pax.exam.CoreOptions.mavenBundle;
+import static org.ops4j.pax.exam.CoreOptions.options;
+import static org.ops4j.pax.exam.CoreOptions.systemProperty;
+import static org.osgi.framework.Constants.FRAMEWORK_SECURITY;
+import static org.osgi.framework.Constants.FRAMEWORK_SECURITY_OSGI;
+import static org.osgi.framework.Constants.FRAMEWORK_STORAGE_CLEAN;
+import static org.osgi.framework.Constants.FRAMEWORK_STORAGE_CLEAN_ONFIRSTINIT;
+import static org.osgi.service.url.URLConstants.URL_HANDLER_PROTOCOL;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Dictionary;
+import java.util.Hashtable;
+
+import org.apache.felix.cm.integration.helper.ManagedServiceFactoryTestActivator3;
+import org.apache.felix.cm.integration.helper.NestedURLStreamHandler;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.Option;
+import org.ops4j.pax.exam.forked.ForkedTestContainerFactory;
+import org.ops4j.pax.exam.junit.ExamFactory;
+import org.ops4j.pax.exam.junit.ExamReactorStrategy;
+import org.ops4j.pax.exam.junit.JUnit4TestRunner;
+import org.ops4j.pax.exam.spi.reactors.AllConfinedStagedReactorFactory;
+import org.osgi.framework.BundleException;
+import org.osgi.framework.Constants;
+import org.osgi.framework.ServiceRegistration;
+import org.osgi.service.cm.Configuration;
+import org.osgi.service.cm.ConfigurationAdmin;
+import org.osgi.service.url.URLStreamHandlerService;
+
+import junit.framework.TestCase;
+
+
+/**
+ * This test case runs the main Configuration tests with security on to check that
+ * nothing breaks.
+ *
+ * Note that it must run as a {@link ForkedTestContainerFactory} because otherwise
+ * we can't enable Java Security in the Framework
+ */
+@RunWith( JUnit4TestRunner.class )
+@ExamFactory( ForkedTestContainerFactory.class )
+@ExamReactorStrategy( AllConfinedStagedReactorFactory.class )
+public class ConfigAdminSecurityTest extends ConfigurationBaseTest
+{
+
+ @Override
+ protected Option[] additionalConfiguration() {
+ File policyFile = new File( "src/test/resources/all.policy" );
+ return options(
+ frameworkProperty( FRAMEWORK_STORAGE_CLEAN ).value( FRAMEWORK_STORAGE_CLEAN_ONFIRSTINIT ),
+ frameworkProperty( FRAMEWORK_SECURITY ).value( FRAMEWORK_SECURITY_OSGI ),
+ systemProperty( "java.security.policy" ).value( policyFile.getAbsolutePath() ),
+ mavenBundle( "org.apache.felix", "org.apache.felix.framework.security", "2.7.0-SNAPSHOT" )
+ );
+ }
+
+ @Test
+ public void test_secure_configuration() throws BundleException, IOException
+ {
+ final String factoryPid = "test_secure_configuration";
+ bundle = installBundle( factoryPid, ManagedServiceFactoryTestActivator3.class );
+ bundle.start();
+ delay();
+
+ final Configuration config = createFactoryConfiguration( factoryPid, null, true );
+ final String pid = config.getPid();
+ delay();
+
+ // ==> configuration supplied to the service ms1
+ final ManagedServiceFactoryTestActivator3 tester = ManagedServiceFactoryTestActivator3.INSTANCE;
+ Dictionary<?, ?> props = tester.configs.get( pid );
+ TestCase.assertNotNull( props );
+ TestCase.assertEquals( pid, props.get( Constants.SERVICE_PID ) );
+ TestCase.assertEquals( factoryPid, props.get( ConfigurationAdmin.SERVICE_FACTORYPID ) );
+ TestCase.assertNull( props.get( ConfigurationAdmin.SERVICE_BUNDLELOCATION ) );
+ TestCase.assertEquals( PROP_NAME, props.get( PROP_NAME ) );
+ TestCase.assertEquals( File.separator, props.get( "foo" ) );
+ TestCase.assertEquals( 0, tester.numManagedServiceUpdatedCalls );
+ TestCase.assertEquals( 1, tester.numManagedServiceFactoryUpdatedCalls );
+ TestCase.assertEquals( 0, tester.numManagedServiceFactoryDeleteCalls );
+
+ // delete
+ config.delete();
+ delay();
+
+ // ==> update with null
+ TestCase.assertNull( tester.configs.get( pid ) );
+ TestCase.assertEquals( 0, tester.numManagedServiceUpdatedCalls );
+ TestCase.assertEquals( 1, tester.numManagedServiceFactoryUpdatedCalls );
+ TestCase.assertEquals( 1, tester.numManagedServiceFactoryDeleteCalls );
+ }
+
+ @Test
+ public void test_secure_configuration_non_standard_install_url() throws Exception
+ {
+ // Override the file URL handler
+
+ @SuppressWarnings({ "serial", "unused" })
+ ServiceRegistration<URLStreamHandlerService> reg = bundleContext
+ .registerService( URLStreamHandlerService.class, new NestedURLStreamHandler(),
+ new Hashtable<String, Object>() { {
+ put( URL_HANDLER_PROTOCOL, new String[] { "file" } );
+ } } );
+
+
+ // Run the actual test
+
+ final String factoryPid = "test_secure_configuration_non_standard_install_url";
+ bundle = installBundle( factoryPid, ManagedServiceFactoryTestActivator3.class );
+ bundle.start();
+ delay();
+
+ final Configuration config = createFactoryConfiguration( factoryPid, null, true );
+ final String pid = config.getPid();
+ delay();
+
+ // ==> configuration supplied to the service ms1
+ final ManagedServiceFactoryTestActivator3 tester = ManagedServiceFactoryTestActivator3.INSTANCE;
+ Dictionary<?, ?> props = tester.configs.get( pid );
+ TestCase.assertNotNull( props );
+ TestCase.assertEquals( pid, props.get( Constants.SERVICE_PID ) );
+ TestCase.assertEquals( factoryPid, props.get( ConfigurationAdmin.SERVICE_FACTORYPID ) );
+ TestCase.assertNull( props.get( ConfigurationAdmin.SERVICE_BUNDLELOCATION ) );
+ TestCase.assertEquals( PROP_NAME, props.get( PROP_NAME ) );
+ TestCase.assertEquals( File.separator, props.get( "foo" ) );
+ TestCase.assertEquals( 0, tester.numManagedServiceUpdatedCalls );
+ TestCase.assertEquals( 1, tester.numManagedServiceFactoryUpdatedCalls );
+ TestCase.assertEquals( 0, tester.numManagedServiceFactoryDeleteCalls );
+
+ // delete
+ config.delete();
+ delay();
+
+ // ==> update with null
+ TestCase.assertNull( tester.configs.get( pid ) );
+ TestCase.assertEquals( 0, tester.numManagedServiceUpdatedCalls );
+ TestCase.assertEquals( 1, tester.numManagedServiceFactoryUpdatedCalls );
+ TestCase.assertEquals( 1, tester.numManagedServiceFactoryDeleteCalls );
+ }
+}
Propchange: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigAdminSecurityTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigAdminSecurityTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision rev url
Modified: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigurationTestBase.java
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigurationTestBase.java?rev=1838162&r1=1838161&r2=1838162&view=diff
==============================================================================
--- felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigurationTestBase.java (original)
+++ felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/ConfigurationTestBase.java Thu Aug 16 08:39:41 2018
@@ -27,6 +27,7 @@ import static org.ops4j.pax.exam.CoreOpt
import static org.ops4j.pax.exam.CoreOptions.vmOption;
import static org.ops4j.pax.exam.CoreOptions.workingDirectory;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@@ -47,7 +48,11 @@ import org.junit.Before;
import org.ops4j.pax.exam.Option;
import org.ops4j.pax.exam.OptionUtils;
import org.ops4j.pax.exam.TestProbeBuilder;
+import org.ops4j.pax.exam.forked.ForkedTestContainer;
+import org.ops4j.pax.exam.junit.ExamFactory;
import org.ops4j.pax.exam.junit.ProbeBuilder;
+import org.ops4j.pax.exam.nat.internal.NativeTestContainer;
+import org.ops4j.pax.exam.nat.internal.NativeTestContainerFactory;
import org.ops4j.pax.tinybundles.core.TinyBundles;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
@@ -63,6 +68,13 @@ import junit.framework.AssertionFailedEr
import junit.framework.TestCase;
+/**
+ * The common integration test support class
+ *
+ * The default is always to use the {@link NativeTestContainer} as it is much
+ * faster. Tests that need more isolation should use the {@link ForkedTestContainer}.
+ */
+@ExamFactory(NativeTestContainerFactory.class)
public abstract class ConfigurationTestBase
{
@@ -100,7 +112,7 @@ public abstract class ConfigurationTestB
@org.ops4j.pax.exam.junit.Configuration
- public static Option[] configuration()
+ public Option[] configuration()
{
final String bundleFileName = System.getProperty( BUNDLE_JAR_SYS_PROP, BUNDLE_JAR_DEFAULT );
final File bundleFile = new File( bundleFileName );
@@ -118,7 +130,11 @@ public abstract class ConfigurationTestB
bundle(bundleFile.toURI().toString())
);
final Option option = ( paxRunnerVmOption != null ) ? vmOption( paxRunnerVmOption ) : null;
- return OptionUtils.combine( base, option );
+ return OptionUtils.combine(OptionUtils.combine( base, option ), additionalConfiguration());
+ }
+
+ protected Option[] additionalConfiguration() {
+ return null;
}
Added: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/ManagedServiceFactoryTestActivator3.java
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/ManagedServiceFactoryTestActivator3.java?rev=1838162&view=auto
==============================================================================
--- felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/ManagedServiceFactoryTestActivator3.java (added)
+++ felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/ManagedServiceFactoryTestActivator3.java Thu Aug 16 08:39:41 2018
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.cm.integration.helper;
+
+
+import java.util.Dictionary;
+
+import org.osgi.framework.BundleContext;
+import org.osgi.service.cm.ManagedServiceFactory;
+
+
+public class ManagedServiceFactoryTestActivator3 extends BaseTestActivator
+{
+ public static ManagedServiceFactoryTestActivator3 INSTANCE;
+
+
+ public void start( BundleContext context ) throws Exception
+ {
+ context.registerService( ManagedServiceFactory.class.getName(), this, getServiceProperties( context ) );
+ INSTANCE = this;
+ }
+
+
+ public void stop( BundleContext arg0 ) throws Exception
+ {
+ INSTANCE = null;
+ }
+
+ public void updated( String pid, Dictionary props )
+ {
+ // Getting a property is a secure action
+ String property = System.getProperty("file.separator");
+
+ if(property != null) {
+ props.put("foo", property);
+ }
+
+ super.updated(pid, props);
+ }
+}
Propchange: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/ManagedServiceFactoryTestActivator3.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/ManagedServiceFactoryTestActivator3.java
------------------------------------------------------------------------------
svn:keywords = author date id revision rev url
Added: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/NestedURLStreamHandler.java
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/NestedURLStreamHandler.java?rev=1838162&view=auto
==============================================================================
--- felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/NestedURLStreamHandler.java (added)
+++ felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/NestedURLStreamHandler.java Thu Aug 16 08:39:41 2018
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.cm.integration.helper;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLConnection;
+
+import org.osgi.service.url.AbstractURLStreamHandlerService;
+import org.osgi.service.url.URLStreamHandlerService;
+
+public class NestedURLStreamHandler extends AbstractURLStreamHandlerService implements URLStreamHandlerService {
+
+ @Override
+ public URLConnection openConnection(URL u) throws IOException {
+ return new NestedURLConnection( u );
+ }
+
+ public static class NestedURLConnection extends URLConnection {
+
+ protected NestedURLConnection( URL url ) {
+ super( url );
+ }
+
+ @Override
+ public void connect() throws IOException {
+
+ }
+
+ @Override
+ public InputStream getInputStream() throws IOException {
+ return new FileInputStream( getURL().getFile() );
+ }
+ }
+
+ @Override
+ public String toExternalForm( final URL u ) {
+ // This is necessary, because we want to force a permission check
+
+ try {
+ String property = System.getProperty("file.separator");
+
+ if(property != null) {
+ System.out.println( "File Separator is: " + property );
+ }
+ } catch (SecurityException se) {
+ System.out.println( "Forbidden to check the File Separator." );
+ }
+
+ return super.toExternalForm( u );
+ }
+
+}
Propchange: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/NestedURLStreamHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: felix/trunk/configadmin/src/test/java/org/apache/felix/cm/integration/helper/NestedURLStreamHandler.java
------------------------------------------------------------------------------
svn:keywords = author date id revision rev url
Added: felix/trunk/configadmin/src/test/resources/all.policy
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/test/resources/all.policy?rev=1838162&view=auto
==============================================================================
--- felix/trunk/configadmin/src/test/resources/all.policy (added)
+++ felix/trunk/configadmin/src/test/resources/all.policy Thu Aug 16 08:39:41 2018
@@ -0,0 +1,21 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+grant {
+ permission java.security.AllPermission;
+};
\ No newline at end of file