[
https://issues.apache.org/jira/browse/FELIX-5978?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Pauls closed FELIX-5978.
-----------------------------
> Felix framework unable to retrieve custom URL handlers when security is on
> --------------------------------------------------------------------------
>
> Key: FELIX-5978
> URL: https://issues.apache.org/jira/browse/FELIX-5978
> Project: Felix
> Issue Type: Bug
> Components: Framework
> Affects Versions: framework-6.0.0, framework-6.0.1
> Reporter: Timothy Ward
> Assignee: Karl Pauls
> Priority: Critical
> Fix For: framework-6.0.2
>
>
> When running with multiple frameworks in the same VM, custom URL Handlers,
> and OSGi security on there are a couple of problems:
>
> Firstly, this security exception results in the custom URL handler being
> ignored. The framework should really be using a doPriv here.
> {code:java}
> java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission" "getClassLoader")
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> at java.security.AccessController.checkPermission(AccessController.java:884)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528)
> at java.lang.Class.getClassLoader(Class.java:683)
> at
> org.apache.felix.framework.URLHandlers.getFrameworkFromContext(URLHandlers.java:690)
> at
> org.apache.felix.framework.URLHandlersStreamHandlerProxy.getStreamHandlerService(URLHandlersStreamHandlerProxy.java:574)
> at
> org.apache.felix.framework.URLHandlersStreamHandlerProxy.toExternalForm(URLHandlersStreamHandlerProxy.java:474)
> at java.net.URL.toExternalForm(URL.java:929)
> at java.net.URL.toString(URL.java:915)
> at java.lang.ClassLoader.defineClassSourceLocation(ClassLoader.java:678)
> at java.lang.ClassLoader.defineClass(ClassLoader.java:762)
> at
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClass(BundleWiringImpl.java:2344)
> at
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClassParallel(BundleWiringImpl.java:2162)
> at
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.findClass(BundleWiringImpl.java:2096)
> at
> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1565)
> at
> org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79)
> at
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> at
> org.apache.felix.cm.impl.ConfigurationManager.configure(ConfigurationManager.java:758)
> {code}
> Secondly, the wrong framework is returned some of the time due to the logic
> of URLHandlers.getFrameworkContext() - in this method it assumes that there
> will be a bundle class loader on the stack, which is not true when the
> launcher is starting a bundle (the framework reflectively loads the Activator
> type which requires a URL check to set the security domain).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
