BJ,

On Wed, 23 Mar 2011 18:18:40 -0400
BJ Hargrave <[email protected]> wrote:

BJ> > Let me clarify whether each OSS impls have a bug or not.
BJ> > - Equinox: obviously Bug (we will report a bug >> Tom).
BJ> > - Felix and Knopflerfish: Bug or not ?
BJ> 
BJ> I don't think there is a bug in those. They did not throw an improper 
BJ> exception.

So, I have another question:

----------------
<PreCondition>

[BundleH] a HttpService Impl Bundle (BundleH), which is not any of 
Equinox/Felix/KF. 

When a servlet is registered, BundleH captures the AccessControlContext.
        AccessControlContext acc =
                AccessController.getContext();

When BundleH receives HTTP GET request,
BundleH calls Servlet#service(ServletRequest,ServletResponse) in 

        AccessController.doPrivileged(
                new PrivilegedExceptionAction() {
                public Object run() throws Exception {
                        ...
                        servlet.service(req, res);
                        ...
                }
        }, acc);

[BundleA] same as Shige wrote.

It gets "Service B" registered by BundleB, and calls the sampleAPI()
method provided by ServiceB.

BundleA is granted the following Permissions;
(org.osgi.framework.PackagePermission "org.osgi.framework" "import")
(org.osgi.framework.PackagePermission "sample" "import")
(org.osgi.framework.ServicePermission "sample.ServiceB" "get")

[BundleB] same as Shige wrote.

It registers ServiceB.
"When sampleAPI() is called by BundleA," BundleB creates a ServletB
instance and registers ServletB to HttpService by
HttpService#registerServlet() in the calling thread. 

ServletB's doGet() impl performs a privileged operation, which requires
the specific Permission (PermissionX), without any
AccessController.doPrivileged().

BundleB is granted AllPermission.

<Then>
When the http service receives HTTP GET access and ServletB's doGet() is
called, SecurityException is thrown because BundleA does not have
PermissionX.
----------------

In that case, which is correct?

a. BundleH does not have any bug. ServletB must use a
doPrivileged construct in their implementations when performing privileged
operations.

b. ServletB does not need to use a doPrivileged construct. BundleH has a
bug.

IMO, b is right: Bundle H must not use doPrivileged with the captured
AccessControlContext because it is not the case of accessing resource
URL.

Best regards,


=======
Ikuo YAMASAKI


_______________________________________________
OSGi Developer Mail List
[email protected]
https://mail.osgi.org/mailman/listinfo/osgi-dev
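
A simplified Python model of the Java stack-inspection rule behind the scenario in this message, added here as an illustration (it is not code from the thread, the OSGi specification or any HttpService implementation). It assumes BundleH holds AllPermission and leaves out the request thread's inherited context; `Frame`, `consulted`, `denied_by` and the three scenario functions are hypothetical names.

```python
from collections import namedtuple

ALL = "*"  # stands in for java.security.AllPermission
# Grants from the message (class names as shorthand); BundleH's is an assumption.
GRANTS = {
    "BundleA": {"PackagePermission", "ServicePermission"},
    "BundleB": {ALL},
    "BundleH": {ALL},
}
# One stack frame: the bundle that owns the code, whether that frame called
# doPrivileged(), and the AccessControlContext passed to it (None if omitted).
Frame = namedtuple("Frame", "domain privileged ctx", defaults=(False, None))

def consulted(stack):
    """Domains a check consults, newest frame first (stack is oldest first)."""
    domains = []
    for frame in reversed(stack):
        domains.append(frame.domain)
        if frame.privileged:                 # the walk stops at the doPrivileged caller
            domains.extend(frame.ctx or ())  # but a supplied context is checked too
            break
    return tuple(domains)

def denied_by(stack, perm):
    """Bundles whose grants fail the check; an empty list means access is granted."""
    return [d for d in consulted(stack)
            if ALL not in GRANTS[d] and perm not in GRANTS[d]]

# Registration: BundleA -> BundleB.sampleAPI() -> BundleH.registerServlet(),
# where BundleH calls getContext() (modelled as the consulted domains).
acc = consulted([Frame("BundleA"), Frame("BundleB"), Frame("BundleH")])

def request_as_described():
    # BundleH: doPrivileged(action, acc) -> action.run() -> ServletB.doGet()
    return denied_by([Frame("BundleH", True, acc), Frame("BundleH"),
                      Frame("BundleB")], "PermissionX")

def request_option_a():
    # As above, but ServletB wraps its operation in its own doPrivileged(action).
    return denied_by([Frame("BundleH", True, acc), Frame("BundleH"),
                      Frame("BundleB", True), Frame("BundleB")], "PermissionX")

def request_option_b():
    # BundleH calls servlet.service() directly; the request thread's inherited
    # context is assumed fully privileged and is not modelled.
    return denied_by([Frame("BundleH"), Frame("BundleB")], "PermissionX")

if __name__ == "__main__":
    for fn in (request_as_described, request_option_a, request_option_b):
        print(fn.__name__, "denied by:", fn() or "nobody")
```

In the model, only the described setup is denied, and it is denied by BundleA, because the context captured at registration carries BundleA's domain into every later request.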
