Please talk to Sameera & understand the requirement properly before going into implementation. We need to expose OSGi services via CC in a controlled manner. The OSGi services that can be exposed via CC are declared in a config file. If the user tries to retrieve an OSGi service that has not been allowed in that list, then a security exception should be thrown. I don't understand what you have done in your code.
On Tue, Oct 28, 2014 at 9:40 PM, Nipuni Perera <[email protected]> wrote: > Hi, > > I am working on $subject. Please find the implementation details below. > The motivation is we have recently encountered failures when calling > secured service call when Java security manager is enabled. > I have removed getOSGiService() and getOSGiServices() implementations from > PrivilegedCarbonContext and added them to CarbonContext. > > PrivilegedCarbonContext.java > > public Object getOSGiService(Class clazz) { > return getOSGiService(clazz, null); > } > > .... > public List<Object> getOSGiServices(Class clazz) { > return getOSGiServices(clazz, null); > } > > CarbonContext.java (This osgiServicesList holds the list of osgi services > that we expose) > > public Object getOSGiService(Class clazz, Hashtable<String, String> props) > { > if (osgiServicesList.contains(clazz.toString())) { > ServiceTracker serviceTracker = null; > try { > BundleContext bundleContext = > dataHolder.getBundleContext(); > Filter osgiFilter = createFilter(bundleContext, clazz, > props); > serviceTracker = new ServiceTracker(bundleContext, > osgiFilter, null); > serviceTracker.open(); > return serviceTracker.getServices()[0]; > } catch (InvalidSyntaxException e) { > log.error("Error creating osgi filter from properties"); > e.printStackTrace(); > } finally { > serviceTracker.close(); > } > } > return null; > } > > > public List<Object> getOSGiServices(Class clazz, Hashtable<String, > String> props) { > ... > } > > private Filter createFilter(BundleContext bundleContext, Class clazz, > Hashtable<String, String> props) > throws InvalidSyntaxException { > > String filterString = "(objectClass=" + clazz.getName() + ")"; > if (props != null && !props.isEmpty()) { > filterString = "(&" + filterString; > for (String propKey : props.keySet()) { > filterString = filterString + "(" + propKey + "=" + > props.get(propKey) + ")"; > } > filterString = filterString + ")"; > } > return bundleContext.createFilter(filterString); > } > > I have added a new configuration file "osgiservices.properties" to > <CARBON-HOME>/repository/conf/etc which contains all the osgi services that > we expose. I have created jira [1] for the issue and attached the complete > diff there. I would appreciate any comments on the above approach. > > [1] https://wso2.org/jira/browse/CARBON-15038 > > Thanks, > Nipuni > -- > Nipuni Perera > Software Engineer; WSO2 Inc.; http://wso2.com > Email: [email protected] > Git hub profile: https://github.com/nipuni > Mobile: +94 (71) 5626680 > > -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * <http://www.apache.org/>* *email: **[email protected]* <[email protected]> * cell: +94 77 3320919blog: **http://blog.afkham.org* <http://blog.afkham.org> *twitter: **http://twitter.com/afkham_azeez* <http://twitter.com/afkham_azeez> *linked-in: **http://lk.linkedin.com/in/afkhamazeez <http://lk.linkedin.com/in/afkhamazeez>* *Lean . Enterprise . Middleware*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
