Author: davidb
Date: Tue Oct 16 15:32:29 2012
New Revision: 1398848
URL: http://svn.apache.org/viewvc?rev=1398848&view=rev
Log:
Initial code to support the Security requirements from the spec.
This code is tested as part of the TCK.
Modified:
aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/ProviderBundleTrackerCustomizer.java
aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/Util.java
Modified:
aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/ProviderBundleTrackerCustomizer.java
URL:
http://svn.apache.org/viewvc/aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/ProviderBundleTrackerCustomizer.java?rev=1398848&r1=1398847&r2=1398848&view=diff
==============================================================================
---
aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/ProviderBundleTrackerCustomizer.java
(original)
+++
aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/ProviderBundleTrackerCustomizer.java
Tue Oct 16 15:32:29 2012
@@ -43,6 +43,7 @@ import org.osgi.framework.Constants;
import org.osgi.framework.Filter;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServicePermission;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.log.LogService;
import org.osgi.util.tracker.BundleTrackerCustomizer;
@@ -61,7 +62,7 @@ public class ProviderBundleTrackerCustom
this.spiBundle = spiBundle;
}
- public List<ServiceRegistration> addingBundle(Bundle bundle, BundleEvent
event) {
+ public List<ServiceRegistration> addingBundle(final Bundle bundle,
BundleEvent event) {
log(LogService.LOG_INFO, "Bundle Considered for SPI providers: "
+ bundle.getSymbolicName());
@@ -131,7 +132,7 @@ public class ProviderBundleTrackerCustom
}
}
- List<ServiceRegistration> registrations = new
ArrayList<ServiceRegistration>();
+ final List<ServiceRegistration> registrations = new
ArrayList<ServiceRegistration>();
for (URL serviceFileURL : serviceFileURLs) {
log(LogService.LOG_INFO, "Found SPI resource: " + serviceFileURL);
@@ -155,13 +156,14 @@ public class ProviderBundleTrackerCustom
if (serviceFile.length() > idx) {
registrationClassName = serviceFile.substring(idx
+ 1);
}
+
if (providedServices.size() > 0 &&
!providedServices.contains(registrationClassName))
continue;
- Class<?> cls = bundle.loadClass(className);
+ final Class<?> cls = bundle.loadClass(className);
log(LogService.LOG_INFO, "Loaded SPI provider: " +
cls);
- Hashtable<String, Object> properties;
+ final Hashtable<String, Object> properties;
if (fromSPIProviderHeader)
properties = new Hashtable<String, Object>();
else
@@ -170,10 +172,27 @@ public class ProviderBundleTrackerCustom
if (properties != null) {
properties.put(SpiFlyConstants.SERVICELOADER_MEDIATOR_PROPERTY,
spiBundle.getBundleId());
properties.put(SpiFlyConstants.PROVIDER_IMPLCLASS_PROPERTY, cls.getName());
- ServiceRegistration reg =
bundle.getBundleContext().registerService(
- registrationClassName, new
ProviderServiceFactory(cls), properties);
- registrations.add(reg);
- log(LogService.LOG_INFO, "Registered service: " +
reg);
+
+ ServiceRegistration reg = null;
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ if (bundle.hasPermission(new
ServicePermission(registrationClassName, ServicePermission.REGISTER))) {
+ System.err.println("*** Found security
manager and bundle has permission to register: " + bundle);
+ reg =
bundle.getBundleContext().registerService(
+ registrationClassName, new
ProviderServiceFactory(cls), properties);
+ } else {
+ System.err.println("*** Found security
manager and bundle has NO permission to register: " + bundle);
+ log(LogService.LOG_INFO, "Bundle " +
bundle + " does not have the permission to register services of type: " +
registrationClassName);
+ }
+ } else {
+ reg =
bundle.getBundleContext().registerService(
+ registrationClassName, new
ProviderServiceFactory(cls), properties);
+ }
+
+ if (reg != null) {
+ registrations.add(reg);
+ log(LogService.LOG_INFO, "Registered service:
" + reg);
+ }
}
activator.registerProviderBundle(registrationClassName, bundle,
customAttributes);
Modified:
aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/Util.java
URL:
http://svn.apache.org/viewvc/aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/Util.java?rev=1398848&r1=1398847&r2=1398848&view=diff
==============================================================================
---
aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/Util.java
(original)
+++
aries/trunk/spi-fly/spi-fly-core/src/main/java/org/apache/aries/spifly/Util.java
Tue Oct 16 15:32:29 2012
@@ -21,6 +21,7 @@ package org.apache.aries.spifly;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URL;
+import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
@@ -35,6 +36,7 @@ import java.util.jar.JarInputStream;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleReference;
import org.osgi.framework.Constants;
+import org.osgi.framework.ServicePermission;
import org.osgi.service.log.LogService;
/**
@@ -80,7 +82,18 @@ public class Util {
if (ServiceLoader.class.getName().equals(className) &&
"load".equals(methodName)) {
requestedClass = clsArg.getName();
args = new HashMap<Pair<Integer,String>, String>();
- args.put(new Pair<Integer, String>(0, Class.class.getName()),
clsArg.getName());
+ args.put(new Pair<Integer, String>(0, Class.class.getName()),
requestedClass);
+
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ try {
+ sm.checkPermission(new ServicePermission(requestedClass,
ServicePermission.GET));
+ } catch (AccessControlException ace) {
+ // access denied
+ activator.log(LogService.LOG_INFO, "No permission to
obtain service of type: " + requestedClass);
+ return null;
+ }
+ }
} else {
requestedClass = className;
args = null; // only supported on ServiceLoader.load() at the
moment
