Author: pauls
Date: Wed Aug 6 08:59:20 2008
New Revision: 683310
URL: http://svn.apache.org/viewvc?rev=683310&view=rev
Log:
Subject.doAs is not considered by the spec and doesn't work well with the
current approach we have inside the framework. This commit makes it work based
on the current security policy installed. Furthermore, it is now possible (and
needed) to assign permissions to bundles via the security policy (based on the
bundle location - not certificates). In other words, as of now, correct
permissions have to be assigned to the framework and bundles using the java
security policy based on either the codesource or the subject, if subject.doAs
is used. This is possible because bundles do have a codesource now and the
bundle protection domain asks the installed policy for permissions in case no
security provider is installed. (FELIX-654)
Modified:
felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
Modified:
felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
URL:
http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java?rev=683310&r1=683309&r2=683310&view=diff
==============================================================================
---
felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
(original)
+++
felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
Wed Aug 6 08:59:20 2008
@@ -18,17 +18,24 @@
*/
package org.apache.felix.framework;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.CodeSource;
import java.security.Permission;
import java.security.ProtectionDomain;
+import java.security.cert.Certificate;
public class BundleProtectionDomain extends ProtectionDomain
{
private final Felix m_felix;
private final FelixBundle m_bundle;
- public BundleProtectionDomain(Felix felix, FelixBundle bundle)
+ public BundleProtectionDomain(Felix felix, FelixBundle bundle)
+ throws MalformedURLException
{
- super(null, null);
+ super(new CodeSource(new URL(new URL(null, "location:",
+ new FakeURLStreamHandler()), felix.getBundleLocation(bundle),
+ new FakeURLStreamHandler()), (Certificate[]) null), null);
m_felix = felix;
m_bundle = bundle;
}
@@ -61,7 +68,7 @@
}
return m_bundle == ((BundleProtectionDomain) other).m_bundle;
}
-
+
public String toString()
{
return "[" + m_bundle + "]";
Modified:
felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
URL:
http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java?rev=683310&r1=683309&r2=683310&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
(original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
Wed Aug 6 08:59:20 2008
@@ -3402,6 +3402,10 @@
{
return
m_securityProvider.hasBundlePermission(bundleProtectionDomain, permission,
direct);
}
+ else if ((bundleProtectionDomain.getBundle() != this) &&
(System.getSecurityManager() != null))
+ {
+ return m_secureAction.getPolicy().implies(bundleProtectionDomain,
permission);
+ }
return true;
}
