[ARIES-1776] Fixes for tck tests with SecurityManager
Project: http://git-wip-us.apache.org/repos/asf/aries-rsa/repo Commit: http://git-wip-us.apache.org/repos/asf/aries-rsa/commit/75448368 Tree: http://git-wip-us.apache.org/repos/asf/aries-rsa/tree/75448368 Diff: http://git-wip-us.apache.org/repos/asf/aries-rsa/diff/75448368 Branch: refs/heads/master Commit: 75448368d0efecbef48464bbf10791986e20c4b0 Parents: 2033037 Author: Christian Schneider <[email protected]> Authored: Thu Feb 8 17:25:52 2018 +0100 Committer: Christian Schneider <[email protected]> Committed: Thu Feb 8 17:40:34 2018 +0100 ---------------------------------------------------------------------- .../aries/rsa/core/RemoteServiceAdminCore.java | 48 ++++++++++++++------ .../rsa/core/RemoteServiceAdminInstance.java | 7 +-- .../aries/rsa/core/event/EventAdminSender.java | 13 ++++-- .../rsa/core/RemoteServiceAdminCoreTest.java | 29 ++++-------- 4 files changed, 56 insertions(+), 41 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/aries-rsa/blob/75448368/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminCore.java ---------------------------------------------------------------------- diff --git a/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminCore.java b/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminCore.java index 654e61d..1586307 100644 --- a/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminCore.java +++ b/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminCore.java @@ -18,6 +18,8 @@ */ package org.apache.aries.rsa.core; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -44,6 +46,7 @@ import org.osgi.framework.ServiceListener; import org.osgi.framework.ServiceReference; import org.osgi.framework.ServiceRegistration; import org.osgi.service.remoteserviceadmin.EndpointDescription; +import org.osgi.service.remoteserviceadmin.EndpointPermission; import org.osgi.service.remoteserviceadmin.ExportReference; import org.osgi.service.remoteserviceadmin.ExportRegistration; import org.osgi.service.remoteserviceadmin.ImportReference; @@ -210,22 +213,29 @@ public class RemoteServiceAdminCore implements RemoteServiceAdmin { return null; } - private ExportRegistration exportService(List<String> interfaceNames, - ServiceReference<?> serviceReference, Map<String, Object> serviceProperties) { + private ExportRegistration exportService( + final List<String> interfaceNames, + final ServiceReference<?> serviceReference, + final Map<String, Object> serviceProperties) { LOG.info("interfaces selected for export: " + interfaceNames); try { - Class<?>[] interfaces = getInterfaces(interfaceNames, serviceReference.getBundle()); - Map<String, Object> eprops = createEndpointProps(serviceProperties, interfaces); - Bundle bundle = serviceReference.getBundle(); - if (bundle == null) { + checkPermission(new EndpointPermission("*", EndpointPermission.EXPORT)); + Bundle serviceBundle = serviceReference.getBundle(); + if (serviceBundle == null) { throw new IllegalStateException("Service is already unregistered"); } - BundleContext serviceContext = bundle.getBundleContext(); + final BundleContext serviceContext = serviceBundle.getBundleContext(); + final Object serviceO = serviceContext.getService(serviceReference); + final Class<?>[] interfaces = getInterfaces(serviceO, interfaceNames); + final Map<String, Object> eprops = createEndpointProps(serviceProperties, interfaces); // TODO unget service when export is destroyed - Object serviceO = serviceContext.getService(serviceReference); - Endpoint endpoint = provider.exportService(serviceO, serviceContext, eprops, interfaces); + Endpoint endpoint = AccessController.doPrivileged(new PrivilegedAction<Endpoint>() { + public Endpoint run() { + return provider.exportService(serviceO, serviceContext, eprops, interfaces); + } + }); if (endpoint == null) { return null; } @@ -238,11 +248,16 @@ public class RemoteServiceAdminCore implements RemoteServiceAdmin { } } - private Class<?>[] getInterfaces(List<String> interfaceNames, - Bundle serviceBundle) throws ClassNotFoundException { + private Class<?>[] getInterfaces( + Object serviceO, + List<String> interfaceNames + ) throws ClassNotFoundException { List<Class<?>> interfaces = new ArrayList<>(); - for (String interfaceName : interfaceNames) { - interfaces.add(serviceBundle.loadClass(interfaceName)); + Class<?>[] allInterfaces = serviceO.getClass().getInterfaces(); + for (Class<?> iface : allInterfaces) { + if (interfaceNames.contains(iface.getName())) { + interfaces.add(iface); + } } return interfaces.toArray(new Class[]{}); } @@ -649,4 +664,11 @@ public class RemoteServiceAdminCore implements RemoteServiceAdmin { } } } + + private void checkPermission(EndpointPermission permission) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(permission); + } + } } http://git-wip-us.apache.org/repos/asf/aries-rsa/blob/75448368/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminInstance.java ---------------------------------------------------------------------- diff --git a/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminInstance.java b/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminInstance.java index cd435ba..7158f52 100644 --- a/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminInstance.java +++ b/rsa/src/main/java/org/apache/aries/rsa/core/RemoteServiceAdminInstance.java @@ -52,12 +52,7 @@ public class RemoteServiceAdminInstance implements RemoteServiceAdmin { @Override @SuppressWarnings("rawtypes") public List<ExportRegistration> exportService(final ServiceReference ref, final Map properties) { - checkPermission(new EndpointPermission("*", EndpointPermission.EXPORT)); - return AccessController.doPrivileged(new PrivilegedAction<List<ExportRegistration>>() { - public List<ExportRegistration> run() { - return closed ? Collections.<ExportRegistration>emptyList() : rsaCore.exportService(ref, properties); - } - }); + return closed ? Collections.<ExportRegistration>emptyList() : rsaCore.exportService(ref, properties); } @Override http://git-wip-us.apache.org/repos/asf/aries-rsa/blob/75448368/rsa/src/main/java/org/apache/aries/rsa/core/event/EventAdminSender.java ---------------------------------------------------------------------- diff --git a/rsa/src/main/java/org/apache/aries/rsa/core/event/EventAdminSender.java b/rsa/src/main/java/org/apache/aries/rsa/core/event/EventAdminSender.java index f42afc9..9f3e55c 100644 --- a/rsa/src/main/java/org/apache/aries/rsa/core/event/EventAdminSender.java +++ b/rsa/src/main/java/org/apache/aries/rsa/core/event/EventAdminSender.java @@ -1,5 +1,7 @@ package org.apache.aries.rsa.core.event; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.HashMap; import java.util.Map; @@ -30,11 +32,16 @@ public class EventAdminSender { } public void send(RemoteServiceAdminEvent rsaEvent) { - Event event = toEvent(rsaEvent); + final Event event = toEvent(rsaEvent); ServiceReference<EventAdmin> sref = this.context.getServiceReference(EventAdmin.class); if (sref != null) { - EventAdmin eventAdmin = this.context.getService(sref); - eventAdmin.postEvent(event); + final EventAdmin eventAdmin = this.context.getService(sref); + AccessController.doPrivileged(new PrivilegedAction<Void>() { + public Void run() { + eventAdmin.postEvent(event); + return null; + } + }); this.context.ungetService(sref); } } http://git-wip-us.apache.org/repos/asf/aries-rsa/blob/75448368/rsa/src/test/java/org/apache/aries/rsa/core/RemoteServiceAdminCoreTest.java ---------------------------------------------------------------------- diff --git a/rsa/src/test/java/org/apache/aries/rsa/core/RemoteServiceAdminCoreTest.java b/rsa/src/test/java/org/apache/aries/rsa/core/RemoteServiceAdminCoreTest.java index 02f6f18..c6f3378 100644 --- a/rsa/src/test/java/org/apache/aries/rsa/core/RemoteServiceAdminCoreTest.java +++ b/rsa/src/test/java/org/apache/aries/rsa/core/RemoteServiceAdminCoreTest.java @@ -212,6 +212,7 @@ public class RemoteServiceAdminCoreTest { ServiceReference sref = mockServiceReference(sProps); provider.endpoint = createEndpoint(sProps); + ServiceReference sref2 = mockServiceReference(sProps); c.replay(); // Export the service for the first time @@ -230,7 +231,6 @@ public class RemoteServiceAdminCoreTest { // Ask to export the same service again, this should not go through the whole process again but simply return // a copy of the first instance. - ServiceReference sref2 = mockServiceReference(sProps); List<ExportRegistration> eregs2 = rsaCore.exportService(sref2, null); assertEquals(1, eregs2.size()); ExportRegistration ereg2 = eregs2.iterator().next(); @@ -296,6 +296,7 @@ public class RemoteServiceAdminCoreTest { sProps.put("service.exported.interfaces", "*"); ServiceReference sref = mockServiceReference(sProps); + c.replay(); provider.ex = new TestException(); List<ExportRegistration> ereg = rsaCore.exportService(sref, sProps); @@ -304,6 +305,7 @@ public class RemoteServiceAdminCoreTest { Collection<ExportReference> exportedServices = rsaCore.getExportedServices(); assertEquals("No service was exported", 0, exportedServices.size()); + c.verify(); } @Test @@ -345,34 +347,23 @@ public class RemoteServiceAdminCoreTest { } private ServiceReference mockServiceReference(final Map<String, Object> sProps) { - BundleContext bc = EasyMock.createNiceMock(BundleContext.class); - - Bundle sb = EasyMock.createNiceMock(Bundle.class); + BundleContext bc = c.createMock(BundleContext.class); + Bundle sb = c.createMock(Bundle.class); expect(sb.getBundleContext()).andReturn(bc).anyTimes(); - try { - expect((Class)sb.loadClass(Runnable.class.getName())).andReturn(Runnable.class); - } catch (ClassNotFoundException e) { - throw new IllegalStateException(e.getMessage(), e); - } - EasyMock.replay(sb); - expect(bc.getBundle()).andReturn(sb).anyTimes(); - EasyMock.replay(bc); - ServiceReference sref = EasyMock.createNiceMock(ServiceReference.class); + String[] propKeys = sProps.keySet().toArray(new String[] {}); + ServiceReference sref = c.createMock(ServiceReference.class); expect(sref.getBundle()).andReturn(sb).anyTimes(); - expect(sref.getPropertyKeys()).andReturn(sProps.keySet().toArray(new String[] {})).anyTimes(); + expect(sref.getPropertyKeys()).andReturn(propKeys).anyTimes(); expect(sref.getProperty((String) EasyMock.anyObject())).andAnswer(new IAnswer<Object>() { @Override public Object answer() throws Throwable { return sProps.get(EasyMock.getCurrentArguments()[0]); } }).anyTimes(); - EasyMock.replay(sref); - - Runnable svcObject = EasyMock.createNiceMock(Runnable.class); - EasyMock.replay(svcObject); - + Runnable svcObject = c.createMock(Runnable.class); + expect(bc.getService(sref)).andReturn(svcObject).anyTimes(); return sref; }
