You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@felix.apache.org by cz...@apache.org on 2015/07/20 19:30:14 UTC

svn commit: r1691989 - in /felix/trunk/configadmin: pom.xml src/main/java/org/apache/felix/cm/impl/UpdateThread.java

Author: cziegeler
Date: Mon Jul 20 17:30:13 2015
New Revision: 1691989

URL: http://svn.apache.org/r1691989
Log:
FELIX-4962 : Configadmin leaks caller's security context downstream. Apply patch by Ray Auge and move to parent pom 3

Modified:
    felix/trunk/configadmin/pom.xml
    felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/UpdateThread.java

Modified: felix/trunk/configadmin/pom.xml
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/pom.xml?rev=1691989&r1=1691988&r2=1691989&view=diff
==============================================================================
--- felix/trunk/configadmin/pom.xml (original)
+++ felix/trunk/configadmin/pom.xml Mon Jul 20 17:30:13 2015
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.felix</groupId>
         <artifactId>felix-parent</artifactId>
-        <version>2.1</version>
+        <version>3</version>
         <relativePath>../pom/pom.xml</relativePath>
     </parent>
 
@@ -74,10 +74,6 @@
         <bundle.file.name>
             ${bundle.build.name}/${project.build.finalName}.jar
         </bundle.file.name>
-
-        <felix.build.source>5</felix.build.source>
-        <felix.build.target>5</felix.build.target>
-        <felix.java.signature.artifactId>java15</felix.java.signature.artifactId>
     </properties>
 
     <dependencies>
@@ -224,33 +220,6 @@
                     </instructions>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>animal-sniffer-maven-plugin</artifactId>
-                <version>1.7</version>
-                <configuration>
-                    <signature>
-                        <groupId>org.codehaus.mojo.signature</groupId>
-                        <artifactId>java15</artifactId>
-                        <version>1.0</version>
-                    </signature>
-                </configuration>
-                <executions>
-                    <execution>
-                        <phase>test</phase>
-                        <goals>
-                            <goal>check</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <configuration>
-                    <source>1.5</source>
-                    <target>1.5</target>
-                </configuration>
-            </plugin>
             <!--
                 Exclude Integration tests in (default) unit tests and
                 conversely enable integration tests for integration testing

Modified: felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/UpdateThread.java
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/UpdateThread.java?rev=1691989&r1=1691988&r2=1691989&view=diff
==============================================================================
--- felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/UpdateThread.java (original)
+++ felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/UpdateThread.java Mon Jul 20 17:30:13 2015
@@ -18,6 +18,10 @@
  */
 package org.apache.felix.cm.impl;
 
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 import java.util.LinkedList;
 
@@ -47,12 +51,15 @@ public class UpdateThread implements Run
     // the actual thread
     private Thread worker;
 
+    // the access control context
+    private final AccessControlContext acc;
 
     public UpdateThread( final ConfigurationManager configurationManager, final ThreadGroup tg, final String name )
     {
         this.configurationManager = configurationManager;
         this.workerThreadGroup = tg;
         this.workerBaseName = name;
+        this.acc = AccessController.getContext();
 
         this.updateTasks = new LinkedList();
     }
@@ -100,7 +107,7 @@ public class UpdateThread implements Run
                 configurationManager.log( LogService.LOG_DEBUG, "Running task {0}", new Object[]
                     { task } );
 
-                task.run();
+                run0(task);
             }
             catch ( Throwable t )
             {
@@ -114,6 +121,29 @@ public class UpdateThread implements Run
         }
     }
 
+    void run0(final Runnable task) throws Throwable {
+        if (System.getSecurityManager() != null) {
+            try {
+                AccessController.doPrivileged(
+                    new PrivilegedExceptionAction<Void>() {
+                        @Override
+                        public Void run() throws Exception {
+                            task.run();
+                            return null;
+                        }
+                    },
+                    acc
+                );
+            }
+            catch (PrivilegedActionException pae) {
+                throw pae.getException();
+            }
+        }
+        else {
+            task.run();
+        }
+    }
+
     /**
      * Starts processing the queued tasks. This method does nothing if the
      * worker has already been started.