Hi BJ, Thanks for your comment.
On Wed, 23 Mar 2011 10:45:48 -0400 BJ Hargrave <[email protected]> wrote: BJ> > The following sentence is described in OSGi Service Compendium spec BJ> > R4.2 section 102.8. BJ> > --------------- BJ> > Servlet and HttpContext objects must use a doPrivileged construct BJ> > in their implementations when performing privileged operations. BJ> > --------------- BJ> > BJ> > Based on the description in OSGi spec and the above condition, BJ> > I think that the PermissionX is required for Bundle A when the BJ> > processing in ServletB is executed, regardless of whether HttpContext BJ> > object is default or user defined, because there is no BJ> > AccessController.doPrivileged() in ServletB's implementation BJ> > (It is supposed behavior '1'). BJ> > BJ> > Or, is OSGi spec saying the ServletB's implementation must use BJ> > doPrivileged() method when the privileged operation which requires BJ> > PermissionX is executed? BJ> BJ> Exactly! That section means that the HttpService impl will be on the call BJ> stack when the servlet or HttpContext impl is called. If either of those BJ> object need to exercise a permission they need to do a doPriv because the BJ> HttpService impl (or any other code on the call stack) may not have that BJ> permission. It does not mean that the HttpService impl cannot do a doPriv BJ> itself for some reason. So whatever permissions Bundle A may have is of no BJ> real interest here. Servlet B and the HttpContext need to doPriv. Let me clarify whether each OSS impls have a bug or not. - Equinox: obviously Bug (we will report a bug >> Tom). - Felix and Knopflerfish: Bug or not ? Shigekuni> Result of Equinox: Shigekuni> Thrown RuntimeException in the registerServlet processing because Shigekuni> BundleA doesn't have RuntimePermission when Thread#getContextClassLoader() Shigekuni> is called. Shigekuni> Shigekuni> Result of Felix: Shigekuni> The behavior is '2' in above list. Shigekuni> Shigekuni> Result of Knopflerfish: Shigekuni> The behavior is '2' in above list. Best regards, ======= Ikuo YAMASAKI _______________________________________________ OSGi Developer Mail List [email protected] https://mail.osgi.org/mailman/listinfo/osgi-dev
