Posted to dev@felix.apache.org by "Valentin Valchev (JIRA)" <ji...@apache.org> on 2014/08/21 13:51:11 UTC

[jira] [Created] (FELIX-4610) WebConsole doesn't start with Java Security enabled

Valentin Valchev created FELIX-4610:
---------------------------------------

             Summary: WebConsole doesn't start with Java Security enabled
                 Key: FELIX-4610
                 URL: https://issues.apache.org/jira/browse/FELIX-4610
             Project: Felix
          Issue Type: Bug
          Components: Web Console
    Affects Versions: webconsole-4.2.2
            Reporter: Valentin Valchev
            Assignee: Valentin Valchev
            Priority: Blocker
             Fix For: webconsole-4.2.4


The framework is run with java security enabled. When I attempt to start the webconsole there is an exception:
{code}
java.security.AccessControlException: access denied ("org.osgi.framework.ServicePermission" "(service.id=44)" "get")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
        at com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:110)
        at com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:71)
        at com.prosyst.mbs.impl.framework.module.security.BasicSecurityImpl.checkServicePermissions0(BasicSecurityImpl.java:256)
        at com.prosyst.mbs.impl.framework.module.security.BasicSecurityImpl.checkServicePermissions(BasicSecurityImpl.java:251)
        at com.prosyst.mbs.impl.framework.ServicesManager.getSR(ServicesManager.java:774)
        at com.prosyst.mbs.impl.framework.BundleContextImpl.getServiceReferences0(BundleContextImpl.java:794)
        at com.prosyst.mbs.impl.framework.BundleContextImpl.getServiceReferences(BundleContextImpl.java:774)
        at com.prosyst.mbs.impl.framework.BundleContextImpl.getServiceReferences(BundleContextImpl.java:749)
        at org.osgi.util.tracker.ServiceTracker.getInitialReferences(ServiceTracker.java:334)
        at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:297)
        at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261)
        at org.apache.felix.webconsole.internal.servlet.OsgiManager.updateConfiguration(OsgiManager.java:1002)
        at org.apache.felix.webconsole.internal.servlet.ConfigurationSupport.updated(ConfigurationSupport.java:51)
{code}

The reason for this exception is that Web Console tries to access a service in its updated method. Since the configuration admin bundle doesn't have enough permissions, the call fails and the /system/console alias doesn't get registered.

To solve that issue, the updated method should use doPrivileged when performing the operations. 

The same applies to the "service" method of the HttpServlet. According to the OSGi R5 compendium specification, chapter 102.8.3, "it is the responsibility of the Servlet and Http Context implementations to use a doPrivileged block when performing privileged operations."



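The pattern the report asks for, as an added example that is not part of the original message and is not the Web Console source: a ManagedService whose updated callback opens its ServiceTracker inside doPrivileged, so the Configuration Admin bundle on the call stack is no longer checked. The class name, the tracked HttpService and the `manager.root` key are assumptions made for illustration.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Dictionary;
import org.osgi.framework.BundleContext;
import org.osgi.service.cm.ManagedService;
import org.osgi.service.http.HttpService;
import org.osgi.util.tracker.ServiceTracker;

// Hypothetical listener used for illustration; names are assumptions.
public class PrivilegedConfigListener implements ManagedService {
    private final BundleContext context;
    private ServiceTracker<HttpService, HttpService> httpTracker;
    private String alias = "/system/console";

    public PrivilegedConfigListener(BundleContext context) {
        this.context = context;
    }

    // Invoked by the Configuration Admin bundle, so its protection domain is on
    // the call stack and an unwrapped tracker.open() is checked against it too.
    @Override
    public synchronized void updated(final Dictionary<String, ?> config) {
        // Handle caller-supplied data outside the privileged block.
        Object root = config == null ? null : config.get("manager.root"); // assumed key
        alias = root instanceof String ? (String) root : "/system/console";
        // Stack inspection stops at this frame: only this bundle's own
        // permissions are evaluated for the service lookup inside run().
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                reopenTracker();
                return null;
            }
        });
    }

    private void reopenTracker() {
        if (httpTracker != null) {
            httpTracker.close();
        }
        httpTracker = new ServiceTracker<HttpService, HttpService>(context, HttpService.class, null);
        httpTracker.open(); // requires ServicePermission "get" for this bundle only
    }
}
```

doPrivileged grants nothing by itself: the bundle containing this class must still hold the ServicePermission for the services it looks up, and the privileged block should stay limited to the call that needs it.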