Posted to dev@felix.apache.org by "Richard S. Hall (JIRA)" <ji...@apache.org> on 2009/06/30 20:22:47 UTC

[jira] Created: (FELIX-1286) Module class loader should use secure action instead of a privileged block

Module class loader should use secure action instead of a privileged block
--------------------------------------------------------------------------

                 Key: FELIX-1286
                 URL: https://issues.apache.org/jira/browse/FELIX-1286
             Project: Felix
          Issue Type: Bug
          Components: Framework
    Affects Versions: felix-1.6.0, felix-1.6.1, felix-1.8.0
            Reporter: Richard S. Hall
            Assignee: Richard S. Hall
             Fix For: felix-1.8.1


Due to some refactoring, the module class loader is no longer being created in a privileged block. Since creating a secure class loader is a protected operation, this is causing difficulties when running Felix with the security manager enabled. The refactoring made our existing SecureAction approach for performing secure actions infeasible (because the class loader became an instance inner class and cannot be created externally anymore). We need to think of a new way to do this, but at a minimum we should just put a doPriv() block right in the ModuleImpl class.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Closed: (FELIX-1286) Module class loader should use secure action instead of a privileged block

Posted by "Richard S. Hall (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/FELIX-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard S. Hall closed FELIX-1286.
----------------------------------

    Resolution: Fixed

Committed a fix.

> Module class loader should use secure action instead of a privileged block
> --------------------------------------------------------------------------
>
>                 Key: FELIX-1286
>                 URL: https://issues.apache.org/jira/browse/FELIX-1286
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: felix-1.8.1
>            Reporter: Richard S. Hall
>            Assignee: Richard S. Hall
>             Fix For: felix-2.0.0
>
>
> Due to some refactoring, the module class loader was no longer being created in a privileged block, which was causing difficulties when running Felix with the security manager enabled. The refactoring made our existing SecureAction approach for performing secure actions infeasible (because the class loader became an instance inner class and cannot be created externally anymore). For Felix 1.8.1, we just simply wrapped it in a doPrivileged() block, but we should change this to use SecureAction operations like getting the constructor and invoking it. This may require we add some operations to SecureAction or reorganize the existing ones.



[jira] Updated: (FELIX-1286) Module class loader should use secure action instead of a privileged block

Posted by "Richard S. Hall (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/FELIX-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard S. Hall updated FELIX-1286:
-----------------------------------

          Description: Due to some refactoring, the module class loader was no longer being created in a privileged block, which was causing difficulties when running Felix with the security manager enabled. The refactoring made our existing SecureAction approach for performing secure actions infeasible (because the class loader became an instance inner class and cannot be created externally anymore). For Felix 1.8.1, we just simply wrapped it in a doPrivileged() block, but we should change this to use SecureAction operations like getting the constructor and invoking it. This may require we add some operations to SecureAction or reorganize the existing ones.  (was: Due to some refactoring, the module class loader is no longer being created in a privileged block. Since creating a secure class loader is a protected operation, this is causing difficulties when running Felix with the security manager enabled. The refactoring made our existing SecureAction approach for performing secure actions infeasible (because the class loader became an instance inner class and cannot be created externally anymore). We need to think of a new way to do this, but at a minimum we should just put a doPriv() block right in the ModuleImpl class.)
    Affects Version/s:     (was: felix-1.6.1)
                           (was: felix-1.8.0)
                           (was: felix-1.6.0)
                       felix-1.8.1
        Fix Version/s:     (was: felix-1.8.1)
                       felix-2.0.0

> Module class loader should use secure action instead of a privileged block
> --------------------------------------------------------------------------
>
>                 Key: FELIX-1286
>                 URL: https://issues.apache.org/jira/browse/FELIX-1286
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: felix-1.8.1
>            Reporter: Richard S. Hall
>            Assignee: Richard S. Hall
>             Fix For: felix-2.0.0
>
>
> Due to some refactoring, the module class loader was no longer being created in a privileged block, which was causing difficulties when running Felix with the security manager enabled. The refactoring made our existing SecureAction approach for performing secure actions infeasible (because the class loader became an instance inner class and cannot be created externally anymore). For Felix 1.8.1, we just simply wrapped it in a doPrivileged() block, but we should change this to use SecureAction operations like getting the constructor and invoking it. This may require we add some operations to SecureAction or reorganize the existing ones.

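Added example (not code from the Felix project or from this thread): a minimal Java sketch of the two approaches the issue describes, a doPrivileged() block placed directly in the owning class and a SecureAction-style helper that gets the constructor and invokes it. The names ModuleSketch, ModuleLoader and PrivilegedOps are hypothetical; the helper is a stand-in and does not reproduce Felix's SecureAction API.

```java
import java.lang.reflect.Constructor;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureClassLoader;

public class ModuleSketch {
    // Instance inner class, as in the issue: outside code cannot write "new ModuleLoader(...)".
    // Its superclass constructor checks RuntimePermission("createClassLoader").
    private class ModuleLoader extends SecureClassLoader {
        ModuleLoader(ClassLoader parent) { super(parent); }
    }

    // Hypothetical SecureAction-style helper: each reflective step runs in its own privileged action.
    static final class PrivilegedOps {
        static Constructor<?> getConstructor(Class<?> c, Class<?>... types) throws Exception {
            return run(() -> {
                Constructor<?> ctor = c.getDeclaredConstructor(types);
                ctor.setAccessible(true); // itself a checked operation under a security manager
                return ctor;
            });
        }
        static Object invoke(Constructor<?> ctor, Object... args) throws Exception {
            return run(() -> ctor.newInstance(args));
        }
        private static <T> T run(PrivilegedExceptionAction<T> action) throws Exception {
            try { return AccessController.doPrivileged(action); }
            catch (PrivilegedActionException e) { throw e.getException(); }
        }
    }

    // Approach 1: privileged block placed directly in the class that owns the loader.
    ClassLoader createInline(ClassLoader parent) {
        PrivilegedAction<ClassLoader> action = () -> new ModuleLoader(parent);
        return AccessController.doPrivileged(action);
    }

    // Approach 2: get the constructor and invoke it through the helper. An inner class
    // constructor takes the enclosing instance as a hidden first parameter.
    ClassLoader createViaHelper(ClassLoader parent) throws Exception {
        Constructor<?> ctor = PrivilegedOps.getConstructor(
            ModuleLoader.class, ModuleSketch.class, ClassLoader.class);
        return (ClassLoader) PrivilegedOps.invoke(ctor, this, parent);
    }

    public static void main(String[] args) throws Exception {
        ModuleSketch m = new ModuleSketch();
        ClassLoader parent = ModuleSketch.class.getClassLoader();
        System.out.println(m.createInline(parent).getClass().getName());
        System.out.println(m.createViaHelper(parent).getClass().getName());
    }
}
```

A helper of this shape runs whatever constructor it is handed with the permissions of its own protection domain, so it has to stay unreachable from less-trusted code.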