[jira] [Resolved] (FELIX-4610) WebConsole doesn't start with Java Security enabled

Thu, 21 Aug 2014 04:57:47 -0700 

     [ 
https://issues.apache.org/jira/browse/FELIX-4610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Valentin Valchev resolved FELIX-4610.
-------------------------------------

    Resolution: Fixed

Fixed in svn rev. 1619371

> WebConsole doesn't start with Java Security enabled
> ---------------------------------------------------
>
>                 Key: FELIX-4610
>                 URL: https://issues.apache.org/jira/browse/FELIX-4610
>             Project: Felix
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: webconsole-4.2.2
>            Reporter: Valentin Valchev
>            Assignee: Valentin Valchev
>            Priority: Blocker
>             Fix For: webconsole-4.2.4
>
>
> The framework is run with java security enabled. When I attempt to start the 
> webconsole there is an exception:
> {code}
> java.security.AccessControlException: access denied 
> ("org.osgi.framework.ServicePermission" "(service.id=44)" "get")
>         at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
>         at 
> com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:110)
>         at 
> com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:71)
>         at 
> com.prosyst.mbs.impl.framework.module.security.BasicSecurityImpl.checkServicePermissions0(BasicSecurityImpl.java:256)
>         at 
> com.prosyst.mbs.impl.framework.module.security.BasicSecurityImpl.checkServicePermissions(BasicSecurityImpl.java:251)
>         at 
> com.prosyst.mbs.impl.framework.ServicesManager.getSR(ServicesManager.java:774)
>         at 
> com.prosyst.mbs.impl.framework.BundleContextImpl.getServiceReferences0(BundleContextImpl.java:794)
>         at 
> com.prosyst.mbs.impl.framework.BundleContextImpl.getServiceReferences(BundleContextImpl.java:774)
>         at 
> com.prosyst.mbs.impl.framework.BundleContextImpl.getServiceReferences(BundleContextImpl.java:749)
>         at 
> org.osgi.util.tracker.ServiceTracker.getInitialReferences(ServiceTracker.java:334)
>         at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:297)
>         at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261)
>         at 
> org.apache.felix.webconsole.internal.servlet.OsgiManager.updateConfiguration(OsgiManager.java:1002)
>         at 
> org.apache.felix.webconsole.internal.servlet.ConfigurationSupport.updated(ConfigurationSupport.java:51)
> {code}
> The reason for this exception is that Web Console tries to access a service 
> in it's updated method. Since configuration admin bundle doesn't have enough 
> permission the call fails and the /system/console alias doesn't get 
> registered.
> To solve that issue, the updated method should use doPrivileged when 
> performing the operations. 
> The same applies to the "service* method of the HttpServlet. According the 
> OSGi R5 compendium specification chapter 102.8.3, "it is the responsibility 
> of the Servlet and Http Context implementations to use a doPrivileged block 
> when performing privileged operations."



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to