Service event callbacks fail silently when denied permission
------------------------------------------------------------

                 Key: FELIX-1169
                 URL: https://issues.apache.org/jira/browse/FELIX-1169
             Project: Felix
          Issue Type: Bug
          Components: Framework
    Affects Versions: felix-1.6.1
         Environment: Environments that have a SecurityManager installed, like 
the Google App Engine.
            Reporter: ted stockwell
            Priority: Minor


The org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback
method checks for permission before making callbacks to
ServiceListener.serviceChanged.
However, if no permission has been granted to the listener for any of the
service interfaces that are being listened to, then this method fails silently
(making the failure to get the callback hard to diagnose).

This snippet of code in the EventDispatcher.invokeServiceListenerCallback 
method....

            Object sm = System.getSecurityManager();
            if ((acc != null) && (sm != null))
            {
                for (int i = 0;
                    !hasPermission && (i < objectClass.length);
                    i++)
                {
                    try
                    {
                        ServicePermission perm =
                            new ServicePermission(
                                objectClass[i], ServicePermission.GET);
                        ((SecurityManager) sm).checkPermission(perm, acc);
                        hasPermission = true;
                    }
                    catch (Exception ex)
                    {
                    }
                }
            }
            else
            {
                hasPermission = true;
            }

....should probably be changed to throw a SecurityException if no permission is 
found.
Like so....

            Object sm = System.getSecurityManager();
            if ((acc != null) && (sm != null))
            {
                for (int i = 0;
                    !hasPermission && (i < objectClass.length);
                    i++)
                {
                    try
                    {
                        ServicePermission perm =
                            new ServicePermission(
                                objectClass[i], ServicePermission.GET);
                        ((SecurityManager) sm).checkPermission(perm, acc);
                        hasPermission = true;
                    }
                    catch (Exception ex)
                    {
                    }
                }
                if (!hasPermission)
                    throw new SecurityException();
            }
            else
            {
                hasPermission = true;
            }




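A self-contained sketch of the check discussed in this report, added here as an example and not taken from the Felix code base. GetServicePermission and Checker are hypothetical stand-ins for ServicePermission and SecurityManager.checkPermission(perm, acc), and the listener and interface names are constructed. It raises the SecurityException the report proposes and names the denied interfaces in the message, so the missing callback can be traced to a permission grant.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;

public class ListenerPermissionCheck {
    // Hypothetical stand-in for new ServicePermission(name, ServicePermission.GET).
    static final class GetServicePermission extends BasicPermission {
        GetServicePermission(String iface) { super(iface); }
    }

    // Hypothetical stand-in for SecurityManager.checkPermission(perm, acc).
    interface Checker { void check(Permission p); }

    // Passes if the listener holds GET permission for at least one of the
    // service's interfaces; otherwise throws, naming every denied interface.
    static void requireAnyGet(String listener, String[] objectClass, Checker checker) {
        List<String> denied = new ArrayList<>();
        for (String iface : objectClass) {
            try {
                checker.check(new GetServicePermission(iface));
                return; // one granted interface is enough, as in the original loop
            } catch (SecurityException ex) {
                denied.add(iface); // remember the denial instead of discarding it
            }
        }
        throw new SecurityException(
            listener + " has no GET permission for any of " + denied);
    }

    public static void main(String[] args) {
        // Constructed policy: only com.example.Greeter is granted.
        Checker policy = p -> {
            if (!p.getName().equals("com.example.Greeter")) {
                throw new SecurityException("denied: " + p.getName());
            }
        };
        String[] mixed = {"com.example.Audit", "com.example.Greeter"};
        String[] auditOnly = {"com.example.Audit"};

        requireAnyGet("listenerA", mixed, policy); // second interface is granted
        System.out.println("listenerA: callback allowed");
        try {
            requireAnyGet("listenerB", auditOnly, policy);
        } catch (SecurityException ex) {
            System.out.println("listenerB: " + ex.getMessage());
        }
    }
}
```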