Stack overflow on Java 2 Security evaluation of getLocation() in WebSphere 
---------------------------------------------------------------------------

                 Key: FELIX-1363
                 URL: https://issues.apache.org/jira/browse/FELIX-1363
             Project: Felix
          Issue Type: Bug
          Components: Framework
    Affects Versions: felix-1.8.1, felix-1.8.0, felix-1.4.1, felix-1.2.1

         Environment: WebSphere 6.1 with Java 2 Security enabled
            Reporter: Gerrit van Brakel


When the Felix framework is used in an application in WebSphere, the Java 2 
Security permission evaluation of Felix.getLocation() causes a Stack Overflow.
 
The Stack Overflow is caused by an incompatibility between classes of the Felix 
framework and the framework classes present in WebSphere.
 
When the permissions for Felix.getLocation() are evaluated, an AdminPermission 
object is created and evaluated. The AdminPermission permission object created 
is not the one supplied by the Felix framework, but one found higher on the 
classpath: the WebSphere/eclipse version of the AdminPermission class. This 
version of the class is incompatible with Felix, as it uses getLocation() in 
its evaluation. 

Ways to work around or solve this problem:
1) disable Java 2 Security (not acceptable by company policy)
2) grant a global AllPermissions (not acceptable by company policy): by 
specifying global AllPermissions, the evaluation of permissions seems to be 
avoided
3) modify the Felix Framework in such a way that no permissions are 
set/evaluated for getLocation()
4) modify the WebSphere / eclipse version of AdminPermission in such a way that 
no getLocation() is used in its evaluation

A test for option 3 has been performed on Felix 1.2.1. If the permission test 
is removed from BundleImpl.getLocation() and Felix.getLocation(), the stack 
overflow does not appear. Of course the permission test is lost in the process.

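The recursion described in the report, reduced to a self-contained model (an added example, not code from Felix, WebSphere or the reporter). All class and method names are hypothetical; the second half assumes a variant of option 4 in which permission evaluation reads the location through an unchecked internal accessor, so the check on the public method is kept.

```java
import java.util.function.Function;

// Simplified model; every class here is a hypothetical stand-in, not Felix or WebSphere code.
public class LocationCheckRecursion {

    /** Stand-in for an AdminPermission whose evaluation needs the bundle location. */
    static final class LocationPermission {
        private final Function<ModelBundle, String> locationReader;
        LocationPermission(Function<ModelBundle, String> locationReader) {
            this.locationReader = locationReader;
        }
        boolean implies(ModelBundle bundle) {
            // Constructed policy: only bundles installed from file: URLs are granted.
            return locationReader.apply(bundle).startsWith("file:");
        }
    }

    /** Stand-in for a bundle whose getLocation() is guarded by a permission check. */
    static final class ModelBundle {
        private final String location;
        private final LocationPermission permission;
        ModelBundle(String location, LocationPermission permission) {
            this.location = location;
            this.permission = permission;
        }
        String getLocation() {   // public accessor, permission-checked
            if (!permission.implies(this)) {
                throw new SecurityException("location access denied");
            }
            return location;
        }
        String rawLocation() {   // unchecked; meant for permission evaluation only
            return location;
        }
    }

    public static void main(String[] args) {
        // Cycle from the report: evaluation re-enters the checked getLocation().
        ModelBundle looping = new ModelBundle("file:/constructed/a.jar",
                new LocationPermission(ModelBundle::getLocation));
        try {
            looping.getLocation();
        } catch (StackOverflowError e) {
            System.out.println("checked accessor in evaluation: StackOverflowError");
        }
        // Evaluation reads the field without re-entering the check; the check itself remains.
        ModelBundle fixed = new ModelBundle("file:/constructed/b.jar",
                new LocationPermission(ModelBundle::rawLocation));
        System.out.println("unchecked accessor in evaluation: " + fixed.getLocation());
    }
}
```

In a real framework the unchecked accessor would have to stay out of reach of untrusted bundles (for example package-private), otherwise it bypasses the check that option 3 removes outright.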