You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Valentin Valchev (JIRA)" <ji...@apache.org> on 2014/08/21 13:57:10 UTC
[jira] [Updated] (FELIX-4610) WebConsole doesn't start with Java
Security enabled
[ https://issues.apache.org/jira/browse/FELIX-4610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Valentin Valchev updated FELIX-4610:
------------------------------------
Summary: WebConsole doesn't start with Java Security enabled (was: WebConsole doesn't start with Java Secruity enabled)
> WebConsole doesn't start with Java Security enabled
> ---------------------------------------------------
>
> Key: FELIX-4610
> URL: https://issues.apache.org/jira/browse/FELIX-4610
> Project: Felix
> Issue Type: Bug
> Components: Web Console
> Affects Versions: webconsole-4.2.2
> Reporter: Valentin Valchev
> Assignee: Valentin Valchev
> Priority: Blocker
> Fix For: webconsole-4.2.4
>
>
> The framework is run with java security enabled. When I attempt to start the webconsole there is an exception:
> {code}
> java.security.AccessControlException: access denied ("org.osgi.framework.ServicePermission" "(service.id=44)" "get")
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
> at com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:110)
> at com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:71)
> at com.prosyst.mbs.impl.framework.module.security.BasicSecurityImpl.checkServicePermissions0(BasicSecurityImpl.java:256)
> at com.prosyst.mbs.impl.framework.module.security.BasicSecurityImpl.checkServicePermissions(BasicSecurityImpl.java:251)
> at com.prosyst.mbs.impl.framework.ServicesManager.getSR(ServicesManager.java:774)
> at com.prosyst.mbs.impl.framework.BundleContextImpl.getServiceReferences0(BundleContextImpl.java:794)
> at com.prosyst.mbs.impl.framework.BundleContextImpl.getServiceReferences(BundleContextImpl.java:774)
> at com.prosyst.mbs.impl.framework.BundleContextImpl.getServiceReferences(BundleContextImpl.java:749)
> at org.osgi.util.tracker.ServiceTracker.getInitialReferences(ServiceTracker.java:334)
> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:297)
> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261)
> at org.apache.felix.webconsole.internal.servlet.OsgiManager.updateConfiguration(OsgiManager.java:1002)
> at org.apache.felix.webconsole.internal.servlet.ConfigurationSupport.updated(ConfigurationSupport.java:51)
> {code}
> The reason for this exception is that Web Console tries to access a service in it's updated method. Since configuration admin bundle doesn't have enough permission the call fails and the /system/console alias doesn't get registered.
> To solve that issue, the updated method should use doPrivileged when performing the operations.
> The same applies to the "service* method of the HttpServlet. According the OSGi R5 compendium specification chapter 102.8.3, "it is the responsibility of the Servlet and Http Context implementations to use a doPrivileged block when performing privileged operations."
--
This message was sent by Atlassian JIRA
(v6.2#6252)