[jira] Commented: (FELIX-837) Setting the SecurityManager in a bundle generate an infinite loop

[JIRA]

    [ 
https://issues.apache.org/jira/browse/FELIX-837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12653841#action_12653841
 ] 

François Fornaciari commented on FELIX-837:
-------------------------------------------

Hi Karl,

In fact, we don't really set the SecurityManager inside a bundle, but just 
before launching the Felix framework (we have a custom Felix launcher). So 
maybe this bug is more serious that it seems.
We have tested the second workarround by setting a custom Policy and it seems 
to fix the bug.
We also need some investigations to understand exactly what happens as we just 
migrate from Felix 1.0.3 to 1.4.0. 

Best Regards,
François

> Setting the SecurityManager in a bundle generate an infinite loop
> -----------------------------------------------------------------
>
>                 Key: FELIX-837
>                 URL: https://issues.apache.org/jira/browse/FELIX-837
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: felix-1.4.0
>            Reporter: Loris Bouzonnet
>            Assignee: Karl Pauls
>            Priority: Minor
>             Fix For: felix-1.4.1
>
>         Attachments: sm-test.zip
>
>
> Since Felix 1.4.0, each method invocation is now check in the class 
> SecureAction. When we DON'T set the security manager as argument of the 
> command line and a started bundle tries to set this one, we always get an 
> infinite loop:
>       at java.net.URL.<init>(URL.java:413)
>       at sun.security.provider.PolicyFile$3.run(PolicyFile.java:676)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> sun.security.provider.PolicyFile.initStaticPolicy(PolicyFile.java:617)
>       at sun.security.provider.PolicyFile.<init>(PolicyFile.java:314)
>       at java.security.Policy.getPolicyNoCheck(Policy.java:145)
>       at java.security.ProtectionDomain.implies(ProtectionDomain.java:195)
>       at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:249)
>       at 
> java.security.AccessController.checkPermission(AccessController.java:427)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>       at 
> java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
>       at 
> org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1123)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> org.apache.felix.framework.util.SecureAction.invoke(SecureAction.java:754)
>       at 
> org.apache.felix.framework.URLHandlersStreamHandlerProxy.getStreamHandlerService(URLHandlersStreamHandlerProxy.java:400)
>       at 
> org.apache.felix.framework.URLHandlersStreamHandlerProxy.parseURL(URLHandlersStreamHandlerProxy.java:267)
>       at java.net.URL.<init>(URL.java:596)
>       at java.net.URL.<init>(URL.java:464)
>       at java.net.URL.<init>(URL.java:413)
>       at sun.security.provider.PolicyFile$3.run(PolicyFile.java:676)
> ... until a stack overflow.
> To reproduce it, just start the attached bundle that does:
> System.setSecurityManager(new RMISecurityManager());
> URL wantBug = new URL("http://felix.apache.org";);
> System.out.println("I want a bug: " + wantBug.toExternalForm());
> If the security manager is set in the command line, there is no bug.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.