> From: Shigekuni Kondo <[email protected]> > > Hi OSGi Experts > > > I would like to ask about HttpService behavior. > Let me assume the following example to explain my question. > > > <Condition> > HttpService bundle, BundleA and BundleB are running on > an OSGi framework. > > [BundleA] > It gets "Service B" registered by BundleB, and calls the sampleAPI() > method provided by ServiceB. > > BundleA is given the following Permission; > (org.osgi.framework.PackagePermission "org.osgi.framework" "import") > (org.osgi.framework.PackagePermission "sample" "import") > (org.osgi.framework.ServicePermission "sample.ServiceB" "get") > > [BundleB] > It registers ServiceB. > BundleB create SerlvetB instance and registers ServletB to > HttpService by HttpService#registerServlet() in that thread. > > When ServletB is accessed, the privileged operation which requires > the specific Permission(PermissionX) is executed. > Remark that there is no AccessController.doPrivileged() in ServletB's > implementation. > > BundleB is given the AllPermission. > > > <Question> > In the case, I can suppose following behavior. > >From the OSGi Spec point of view, Which is proper behavior? > Or is there other correct behavior? > > 1. PermissionX is required for Bundle A when the processing in ServletB > is executed, regardless of whether HttpContext object is default > or user defined.
How is bundle A involved here? If an HTTP request is processed by the HttpService bundle, it will call the ServletB object. Bundle A is not even on the call stack for a permission check. Just HttpService bundle and Bundle B. So unless ServletB does a doPrivileged, both HttpService and Bundle B will need Permission X. > 2. PermissionX is NOT required for Bundle A when the processing in ServletB > is executed, regardless of whether HttpContext object is default > or user defined. This seems the proper result. I assume a user defined context is defined by Bundle B and thus has the same ProtectionDomain as ServletB. > 3. PermissionX is required for Bundle A when the processing in ServletB > is executed in case that HttpContext object is default HttpContext. > > My understanding is that '1' in above list is correct by checking OSGi > Service Compendium spec R4.2 section 102.8. > > > In addition, I implemented above bundles and checked the behavior of several > HttpService bundles which are released from Equinox, Felix and Knopflerfish, > respectivity. > > Result of Equinox: > Thrown RuntimeException in the registerServlet processing because > BundleA doesn't have RuntimePermission when Thread#getContextClassLoader() > is called. Why is Bundle A on the call stack when Bundle B registers ServletB? And I have no idea why a getContextClassLoader call is made. This is beyond the OSGi spec. So it would seem that the HttpService impl from Equinox should wrap that call is a doPrivileged. > > Result of Felix: > The behavior is '2' in above list. > > Result of Knopflerfish: > The behavior is '2' in above list. > > -- BJ Hargrave Senior Technical Staff Member, IBM OSGi Fellow and CTO of the OSGi Alliance [email protected] office: +1 386 848 1781 mobile: +1 386 848 3788
_______________________________________________ OSGi Developer Mail List [email protected] https://mail.osgi.org/mailman/listinfo/osgi-dev
