[
https://issues.apache.org/jira/browse/FELIX-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12735506#action_12735506
]
Gerrit van Brakel commented on FELIX-1363:
------------------------------------------
It seems like the cause of the problem is not an incompatibility of Felix and
WebSphere / Equinox, but is caused by nesting one framework in another, in
combination with Java 2 Security. Security evaluation for the inner framework
hits policy rules probably meant for bundles of the outer framework.
I can imagine that something like namespaces in policies are required to fix
this.
> Stack overflow on Java 2 Security evaluation of getLocation() in WebSphere
> ---------------------------------------------------------------------------
>
> Key: FELIX-1363
> URL: https://issues.apache.org/jira/browse/FELIX-1363
> Project: Felix
> Issue Type: Bug
> Components: Framework
> Affects Versions: felix-1.2.1
, felix-1.4.1, felix-1.8.0, felix-1.8.1
> Environment: WebSphere 6.1 with Java 2 Security enabled
> Reporter: Gerrit van Brakel
>
> When the Felix framework is used in an application in WebSphere, the Java 2
> Security permission evaluation of Felix.getLocation() causes a Stack Overflow.
>
> The Stack Overflow is caused by an incompatiblity between classes of the
> Felix framework and the framework classes present in WebSphere.
>
> When the permissions for Felix.getLocation() are evaluated, an
> AdminPermission object is created and evaluated. The AdminPermission
> permission object created is not the one supplied by the Felix framework, but
> one found higher on the classpath: the WebSphere/eclipse version of the
> AdminPermission class. This version of the class is incompatible with Felix,
> as it uses getLocation() in its evaluation.
> ways to work around or solve this problem:
> 1) disable Java 2 Security (not acceptable by company policy)
> 2) grant a global AllPermissions (not acceptable by company policy): by
> specifying global AllPermissions, the evaluation of permissions seems to be
> avoided
> 3) modify the Felix Framework in such a way that no permissions are
> set/evaluated for getLocation()
> 4) modify the Websphere / eclipse version of AdminPermission in such a way
> that no getLocation() is used in its evaluation
> A test for option 3 has been performed on Felix 1.2.1. If the permission test
> is removed from BundleImpl.getLocation() and Felix.getLocation(), the stack
> overflow does not appear. Of course the permission test is lost in the
> process.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
