[jira] Updated: (FELIX-654) Subject.doAs not supported

Fri, 01 Aug 2008 15:39:54 -0700 

     [ 
https://issues.apache.org/jira/browse/FELIX-654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Richard S. Hall updated FELIX-654:
----------------------------------

    Fix Version/s:     (was: felix-1.0.5)
                   felix-1.2.0

> Subject.doAs not supported
> --------------------------
>
>                 Key: FELIX-654
>                 URL: https://issues.apache.org/jira/browse/FELIX-654
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: felix-1.0.4
>            Reporter: Karl Pauls
>            Assignee: Karl Pauls
>             Fix For: felix-1.2.0
>
>
> Subject.doAs allows to perform work as a particular Subject. It first 
> retrieves the current Thread's AccessControlContext via 
> AccessController.getContext, and then instantiates a new AccessControlContext 
> using the retrieved context along with a new SubjectDomainCombiner 
> (constructed using the provided Subject). Finally, this method invokes 
> AccessController.doPrivileged, passing it the provided PrivilegedAction, as 
> well as the newly constructed AccessControlContext. 
> The issue is that the SubjectDomainCombiner does update the relevant 
> ProtectionDomains with the Principals from the Subject associated with this 
> SubjectDomainCombiner by creating a new ProtectionDomain instance for each 
> ProtectionDomain in the currentDomains array. Each new ProtectionDomain 
> instance is created using the CodeSource, Permissions and ClassLoader from 
> the corresponding ProtectionDomain in currentDomains, as well as with the 
> Principals from the Subject associated with this SubjectDomainCombiner. 
> This doesn't work well with the OSGi spec due to the fact that each bundle 
> (or revision to be precise) has its own custom ProtectionDomain which is lost 
> when Subject.doAs is used. There is a way to make it work for most scenarios 
> namely, make the custom ProtectionDomain return a speciall 
> PermissionCollection because that is reused by the ProtectionDomain created 
> by the SubjectDomainCombiner if no custom policy is installed (in the later 
> case a different workaround would be needed). 
> Currently, Felix doesn't work when Subject.doAs is used and security is 
> enabled. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to