[jira] Commented: (FELIX-1169) Service event callbacks fail silently when denied permission

Fri, 22 May 2009 09:17:11 -0700 

    [ 
https://issues.apache.org/jira/browse/FELIX-1169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12712149#action_12712149
 ] 

Karl Pauls commented on FELIX-1169:
-----------------------------------

I think that we do what the spec is asking us to do. I will close this as 
invalid unless you can point me to where in the spec it does say otherwise.

> Service event callbacks fail silently when denied permission
> ------------------------------------------------------------
>
>                 Key: FELIX-1169
>                 URL: https://issues.apache.org/jira/browse/FELIX-1169
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: felix-1.6.1
>         Environment: Environments that have a SecurityManager installed, like 
> the Google App Engine.
>            Reporter: ted stockwell
>            Assignee: Karl Pauls
>            Priority: Minor
>
> The 
> org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback 
> method checks for permission before making callbacks to 
> ServiceListener.serviceChanged.
> However, if no permission has been granted to listener for any of the service 
> interfaces that are being listened to then this method fails silently (making 
> the failure to get the callback hard to diagnose).
> This snippet of code in the EventDispatcher.invokeServiceListenerCallback 
> method....
>             Object sm = System.getSecurityManager();
>             if ((acc != null) && (sm != null))
>             {
>                 for (int i = 0;
>                     !hasPermission && (i < objectClass.length);
>                     i++)
>                 {
>                     try
>                     {
>                         ServicePermission perm =
>                             new ServicePermission(
>                                 objectClass[i], ServicePermission.GET);
>                         ((SecurityManager) sm).checkPermission(perm, acc);
>                         hasPermission = true;
>                     }
>                     catch (Exception ex)
>                     {
>                     }
>                 }
>             }
>             else
>             {
>                 hasPermission = true;
>             }
> ....should probably be changed to throw a SecurityException if no permission 
> is found.
> Like so....
>             Object sm = System.getSecurityManager();
>             if ((acc != null) && (sm != null))
>             {
>                 for (int i = 0;
>                     !hasPermission && (i < objectClass.length);
>                     i++)
>                 {
>                     try
>                     {
>                         ServicePermission perm =
>                             new ServicePermission(
>                                 objectClass[i], ServicePermission.GET);
>                         ((SecurityManager) sm).checkPermission(perm, acc);
>                         hasPermission = true;
>                     }
>                     catch (Exception ex)
>                     {
>                     }
>                 }
>                 if (!hasPermission)
>                     throw new SecurityException();
>             }
>             else
>             {
>                 hasPermission = true;
>             }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to