Holly Cummins created ARIES-863:
-----------------------------------
Summary: Blueprint container needs to use bundle's permissions,
not its own permissions, for looking up services
Key: ARIES-863
URL: https://issues.apache.org/jira/browse/ARIES-863
Project: Aries
Issue Type: Bug
Components: Blueprint
Affects Versions: blueprint-core-0.4.1, 1.0
Reporter: Holly Cummins
Assignee: Holly Cummins
Priority: Minor
We've regressed the testNoImportPermission test in the blueprint.secure suite
of the OSGi compliance tests (from a clean run in 0.3).
What it's testing is that when the blueprint container gets services on behalf
of a bundle, it uses that bundle's permission. ARIES-727 switched from the
ReferenceRecipe calling the getService() method on BluePrintContainerImpl to
calling getService() itself. I believe the reason was to allow different bundle
contexts to be used for some references and reference lists, to support
namespace handlers adding service references. ARIES-816 re-introduced a
doPrivileged block, but using the privileges of the blueprint code, not the
managed bundle.
I think in the case where a reference uses a different bundle context, the
lookup should probably be done with the privileges of the bundle which can
'see' the service.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
