> The following sentence is described in OSGi Service Compendium spec > R4.2 section 102.8. > --------------- > Servlet and HttpContext objects must use a doPrivileged construct > in their implementations when performing privileged operations. > --------------- > > Based on the description in OSGi spec and the above condition, > I think that the PermissionX is required for Bundle A when the > processing in ServletB is executed, regardless of whether HttpContext > object is default or user defined, because there is no > AccessController.doPrivileged() in ServletB's implementation > (It is supposed behavior '1'). > > Or, is OSGi spec saying the ServletB's implementation must use > doPrivileged() method when the privileged operation which requires > PermissionX is executed?
Exactly! That section means that the HttpService impl will be on the call stack when the servlet or HttpContext impl is called. If either of those object need to exercise a permission they need to do a doPriv because the HttpService impl (or any other code on the call stack) may not have that permission. It does not mean that the HttpService impl cannot do a doPriv itself for some reason. So whatever permissions Bundle A may have is of no real interest here. Servlet B and the HttpContext need to doPriv. > > > > Why is Bundle A on the call stack when Bundle B registers ServletB? And I > > have no idea why a getContextClassLoader call is made. This is beyond the > > OSGi spec. So it would seem that the HttpService impl from Equinox should > > wrap that call is a doPrivileged. > The reason is that BundleB create SerlvetB instance and registers ServletB > to HttpService when sampleAPI() is called by BundleA. > Please find attached the stack trace which is output when the error > is occurred. > > <Note> > "test.http.servlet.bundlea" is BundleA > "test.http.servlet.bundleb" is BundleB > The exception in the stack trace could result from 2 situations. 1) HttpService impl needs the permission to get context class loader and you did not grant the proper permissions. 2) You did grant the proper permission but there is an error in HttpService impl because it fails to doPriv to exercise that permission. -- BJ Hargrave Senior Technical Staff Member, IBM OSGi Fellow and CTO of the OSGi Alliance [email protected] office: +1 386 848 1781 mobile: +1 386 848 3788
_______________________________________________ OSGi Developer Mail List [email protected] https://mail.osgi.org/mailman/listinfo/osgi-dev
