[
https://issues.apache.org/jira/browse/ARIES-963?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Teodor Todorov closed ARIES-963.
--------------------------------
Resolution: Invalid
Sorry, it was my mistake. I made local changes trying to debug another issue
and actually the error comes from my local changes.
> Spi-fly requires the bundle, whose class is being woven, to have
> AdaptPermission for a successful weaving.
> ----------------------------------------------------------------------------------------------------------
>
> Key: ARIES-963
> URL: https://issues.apache.org/jira/browse/ARIES-963
> Project: Aries
> Issue Type: Bug
> Reporter: Teodor Todorov
>
> Hello Colleagues,
> The spi-fly weaving hook inserts in the byte code of the woven class
> execution of the method
> "org.apache.aries.spifly.Util.fixContextClassloader(String cls, String
> method, Class<?> clsArg, ClassLoader bundleLoader)"
> This method in its turn calls the method
> "org.apache.aries.spifly.Util.findContextClassloader(Bundle consumerBundle,
> String className, String methodName, Class<?> clsArg)". The latter internally
> calls "BundleWiring bundleWiring =
> (BundleWiring)consumerBundle.adapt(BundleWiring.class);" on line 137, which
> requires the caller to have the AdaptPermission
> ("org.osgi.framework.AdaptPermission"
> "org.osgi.framework.wiring.BundleWiring" "adapt").
> Option1)
> Since the spi-fly weaving hook has the WovenClass object, it may obtain the
> BundleWiring without any security checks through the
> WovenClass.getBundleWiring() call and may pass this BundleWiring object to
> the Util methods, which are inserted in the woven class byte code. This would
> require changes in the signature of the Util.fixContextClassloader(...) and
> Util.findContextClassloader(...) and in the code in the weaving hook, that
> uses it.
> Option2)
> Execute the call bundle.adapt(BundleRevision.class) in an
> AccessController.doPrivileged block.
> This was observed during the execution of the osgi test case for the
> serviceloader.secure on the spi-fly on top of the OSGi R5 compatible
> implementation from ProSyst. Here is the stack trace:
> java.security.AccessControlException: access denied
> ("org.osgi.framework.AdaptPermission"
> "org.osgi.framework.wiring.BundleWiring" "adapt")
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
> at
> com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:110)
> at
> com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:71)
> at
> com.prosyst.mbs.impl.framework.module.security.BasicSecurityImpl.checkAdaptPermission(BasicSecurityImpl.java:445)
> at
> com.prosyst.mbs.impl.framework.BundleImpl.adapt(BundleImpl.java:7437)
> at
> com.prosyst.mbs.impl.framework.BundleImpl.adapt(BundleImpl.java:7430)
> at
> org.apache.aries.spifly.Util.findContextClassloader(Util.java:137)
> at
> org.apache.aries.spifly.Util.fixContextClassloader(Util.java:84)
> at
> org.osgi.test.cases.serviceloader.secure.client.ColorProviderClient.$$FCCL$$java#util#ServiceLoader$load$java#lang#Class(ColorProviderClient.java)
> at
> org.osgi.test.cases.serviceloader.secure.client.ColorProviderClient.run(ColorProviderClient.java:38)
> at
> org.osgi.test.cases.serviceloader.secure.junit.ServiceLoaderSecureTest.testLegacyClientWithPermission(ServiceLoaderSecureTest.java:292)
> ...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
