Why does bundle H capture an ACC at the time a servlet is registered (and then assert it when calling the servlet)? That seems pointless and I do not see any correlation between the call stack at the time of servlet registration and the time of servlet execution.

For your question at the end, (b) is not correct and (a) is partially correct. Servlet B *must* use doPrivileged to exercise some permission it has been granted. But I fail to see why bundle H captures the ACC and asserts it when calling Servlet B.

--
BJ Hargrave
Senior Technical Staff Member, IBM
OSGi Fellow and CTO of the OSGi Alliance
[email protected]
office: +1 386 848 1781
mobile: +1 386 848 3788

From: Ikuo Yamasaki <[email protected]>
To: OSGi Developer Mail List <[email protected]>
Date: 2011/03/24 01:56
Subject: Re: [osgi-dev] Question of HttpService Spec
Sent by: [email protected]

BJ,

On Wed, 23 Mar 2011 18:18:40 -0400
BJ Hargrave <[email protected]> wrote:

BJ> > Let me clarify whether each OSS impls have a bug or not.
BJ> > - Equinox: obviously Bug (we will report a bug >> Tom).
BJ> > - Felix and Knopflerfish: Bug or not ?
BJ>
BJ> I don't think there is a bug in those. They did not throw an improper
BJ> exception.

So, I have another question:

----------------
<PreCondition>

[BundleH]
An HttpService Impl Bundle (BundleH), which is not any of Equinox/Felix/KF.
When a servlet is registered, BundleH captures the AccessControlContext.

    AccessControlContext acc = AccessController.getContext();

When BundleH receives an HTTP GET request, BundleH calls Servlet#service(ServletRequest,ServletResponse) in

    AccessController.doPrivileged(
        new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                ...
                servlet.service(req, res);
                ...
            }
        }, acc);

[BundleA]
Same as Shige wrote.
It gets "Service B" registered by BundleB, and calls the sampleAPI() method provided by ServiceB.
BundleA is granted the following Permissions:

    (org.osgi.framework.PackagePermission "org.osgi.framework" "import")
    (org.osgi.framework.PackagePermission "sample" "import")
    (org.osgi.framework.ServicePermission "sample.ServiceB" "get")

[BundleB]
Same as Shige wrote.
It registers ServiceB.
"When sampleAPI() is called by BundleA," BundleB creates a ServletB instance and registers ServletB to HttpService by HttpService#registerServlet() in the calling thread.
ServletB's doGet() impl performs a privileged operation, which requires the specific Permission (PermissionX), without any AccessController.doPrivileged().
BundleB is granted AllPermission.

<Then>
When the http service receives HTTP GET access and ServletB's doGet() is called, SecurityException is thrown because BundleA does not have PermissionX.
----------------

In that case, which is correct?

a. BundleH does not have any bug. ServletB must use a doPrivileged construct in their implementations when performing privileged operations.
b. ServletB does not need to use a doPrivileged construct. BundleH has a bug.

IMO, b is right: Bundle H must not use doPrivileged with the captured AccessControlContext because it is not the case of accessing a resource URL.

Best regards,

=======
Ikuo YAMASAKI

_______________________________________________
OSGi Developer Mail List
[email protected]
https://mail.osgi.org/mailman/listinfo/osgi-dev
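The stack inspection this thread argues about, as an added example that is not part of the original messages: a simplified Python model of Java's AccessController semantics (a model, not the Java API). BundleH's AllPermission grant and the names Frame, get_context, check_permission and run_scenario are assumptions made for the illustration.

```python
# Simplified model of Java stack inspection; the thread's inherited context
# and the extra run() frame of a PrivilegedAction are left out for brevity.
from dataclasses import dataclass

ALL = "*"  # stands in for java.security.AllPermission

@dataclass(frozen=True)
class Frame:
    domain: str               # bundle whose code runs in this frame
    privileged: bool = False  # this frame called doPrivileged
    acc: tuple = None         # domains of the context passed to doPrivileged

def implies(grants, domain, perm):
    return ALL in grants[domain] or perm in grants[domain]

def get_context(stack):
    """Model of getContext(): domains from the newest frame down to and
    including the nearest privileged frame, plus its asserted context."""
    domains = []
    for f in reversed(stack):
        domains.append(f.domain)
        if f.privileged:
            domains.extend(f.acc or ())
            break
    return tuple(dict.fromkeys(domains))

def check_permission(grants, stack, perm):
    """Model of checkPermission(): every domain from the newest frame down
    must imply perm; the walk stops at a privileged frame, after which the
    context asserted by that frame (if any) must imply perm as well."""
    for f in reversed(stack):
        if not implies(grants, f.domain, perm):
            return False
        if f.privileged:
            return all(implies(grants, d, perm) for d in (f.acc or ()))
    return True

# Grants from the thread; BundleH's grant is an assumption.
GRANTS = {"BundleA": {"ServicePermission sample.ServiceB get"},
          "BundleB": {ALL}, "BundleH": {ALL}}

def run_scenario(h_asserts_acc, servlet_uses_do_privileged):
    # Registration: BundleA -> BundleB.sampleAPI() -> BundleH.registerServlet()
    captured = get_context([Frame("BundleA"), Frame("BundleB"), Frame("BundleH")])
    # Request: BundleH's own thread dispatches to ServletB.doGet()
    h = Frame("BundleH", True, captured) if h_asserts_acc else Frame("BundleH")
    servlet = Frame("BundleB", privileged=servlet_uses_do_privileged)
    return check_permission(GRANTS, [h, servlet], "PermissionX")
```

In this model, asserting the captured context makes the request fail on BundleA's grants unless ServletB wraps its operation in its own privileged frame, which ends the walk before BundleH's asserted context is consulted.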
