You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2016/10/25 17:35:59 UTC
[jira] [Closed] (FELIX-5385) ConfigAdmin uses wrong security when
calling ManagedServices
[ https://issues.apache.org/jira/browse/FELIX-5385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler closed FELIX-5385.
-----------------------------------
> ConfigAdmin uses wrong security when calling ManagedServices
> ------------------------------------------------------------
>
> Key: FELIX-5385
> URL: https://issues.apache.org/jira/browse/FELIX-5385
> Project: Felix
> Issue Type: Bug
> Affects Versions: configadmin-1.8.0
> Reporter: Guillaume Nodet
> Assignee: Guillaume Nodet
> Fix For: configadmin-1.8.12
>
>
> When a ManagedService (which bundles has all permissions) is called, we end up with the following exception.
> The reason is that all code protection domain need to have the permission to actually grant the permission, and ConfigAdmin has very restricted permissions. A DomainCombiner should be used to only apply the bundle's permission to the call.
> {code}
> 10:43:43.543 [CM Configuration Updater (ManagedService Update: pid=[org.ops4j.pax.logging])] ERROR org.apache.felix.configadmin - [org.osgi.service.log.LogService, org.knopflerfish.service.log.LogService, org.ops4j.pax.logging.PaxLoggingService, org.osgi.service.cm.ManagedService, id=12, bundle=5/mvn:org.ops4j.pax.logging/pax-logging-log4j2/1.9.1-SNAPSHOT]: Unexpected problem updating configuration org.ops4j.pax.logging
> java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) [?:?]
> at java.security.AccessController.checkPermission(AccessController.java:884) [?:?]
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [?:?]
> at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528) [?:?]
> at java.lang.Thread.getContextClassLoader(Thread.java:1436) [?:?]
> at org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl.updated(PaxLoggingServiceImpl.java:150) [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
> at org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl$1ManagedPaxLoggingService.updated(PaxLoggingServiceImpl.java:408) [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
> at org.apache.felix.cm.impl.helper.ManagedServiceTracker$1.run(ManagedServiceTracker.java:177) [6:org.apache.felix.configadmin:1.8.8]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updated(ManagedServiceTracker.java:173) [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updateService(ManagedServiceTracker.java:152) [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.helper.ManagedServiceTracker.provideConfiguration(ManagedServiceTracker.java:85) [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.provide(ConfigurationManager.java:1444) [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.run(ConfigurationManager.java:1400) [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:131) [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:128) [6:org.apache.felix.configadmin:1.8.8]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:127) [6:org.apache.felix.configadmin:1.8.8]
> at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:110) [6:org.apache.felix.configadmin:1.8.8]
> at java.lang.Thread.run(Thread.java:745) [?:?]
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)