ConditionalPermissionAdmin: Exceptions before System Bundle gets permissions

Tue, 06 Jan 2009 05:03:17 -0800 

Hello

We have a component using ConditionalPermssionAdmin to assign
permissions. The component first gives all permissions to itself and the
to the system bundle. The problem is that we occasionally get security
exception betweene this first two calls to setConditionalPermssionInfo,
by adding a Thread.sleep call between the two calls of
setConditionalPermissionInfo we always get such exceptions.

code:

cpa.setConditionalPermissionInfo(PERMISSIONMANAGER_CPINAME,
new ConditionInfo[]{
    new ConditionInfo(BundleLocationCondition.class.getName(),
    new String[]{cCtx.getBundleContext().getBundle().getLocation()})
},
new PermissionInfo[]{
    new PermissionInfo(
    AllPermission.class.getName(), "", "")
});
try {
    Thread.sleep(1000);
} catch (InterruptedException ex) {
    java.util.logging.Logger.getLogger(PermissionManager.class.getName()).
            log(Level.SEVERE, null, ex);
}
// Don't call slf4j logger here as it reuires the system bundle to have
permissions
cpa.setConditionalPermissionInfo(SYSTEM_BUNDLE_CPINAME,
new ConditionInfo[]{
    new ConditionInfo(
    BundleLocationCondition.class.getName(),
    new String[]{"System Bundle"})
},
new PermissionInfo[]{
    new PermissionInfo(
    AllPermission.class.getName(), "", "")
});

Exceptions:

ERROR: EventDispatcher: Error during dispatch.
(java.security.AccessControlException: access denied
(org.osgi.framework.AdminPermission (id=25) metadata))
java.security.AccessControlException: access denied
(org.osgi.framework.AdminPermission (id=25) metadata)
    at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at
java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at org.apache.felix.framework.BundleImpl.getHeaders(BundleImpl.java:136)
    at org.apache.felix.framework.BundleImpl.getHeaders(BundleImpl.java:127)
    at
org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:210)
    at org.apache.felix.scr.impl.Activator.bundleChanged(Activator.java:173)
    at
org.apache.felix.framework.util.EventDispatcher$3.run(EventDispatcher.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at
org.apache.felix.framework.util.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:680)
    at
org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:619)
    at
org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:532)
    at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:3601)
    at org.apache.felix.framework.Felix._startBundle(Felix.java:1616)
    at org.apache.felix.framework.Felix.startBundle(Felix.java:1544)
    at
org.apache.felix.framework.Felix.setFrameworkStartLevel(Felix.java:1125)
    at
org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:258)
    at java.lang.Thread.run(Thread.java:619)
796 [FelixDispatchQueue] INFO javax.ws.rs - BundleEvent STARTED
801 [FelixDispatchQueue] ERROR org.apache.felix.shell - FrameworkEvent
ERROR (java.security.AccessControlException: access denied
(org.osgi.framework.ServicePermission
org.apache.felix.shell.ShellService register))
java.security.AccessControlException: access denied
(org.osgi.framework.ServicePermission
org.apache.felix.shell.ShellService register)
    at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at
java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at
org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:248)
    at org.apache.felix.shell.impl.Activator.start(Activator.java:42)
    at
org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1088)
    at java.security.AccessController.doPrivileged(Native Method)
    at
org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:582)
    at org.apache.felix.framework.Felix._startBundle(Felix.java:1610)
    at org.apache.felix.framework.Felix.startBundle(Felix.java:1544)
    at
org.apache.felix.framework.Felix.setFrameworkStartLevel(Felix.java:1125)
    at
org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:258)
    at java.lang.Thread.run(Thread.java:619)
ERROR: Error starting slinginstall:org.apache.felix.shell-1.0.1.jar
(java.security.AccessControlException: access denied
(org.osgi.framework.ServicePermission
org.apache.felix.shell.ShellService register))
java.security.AccessControlException: access denied
(org.osgi.framework.ServicePermission
org.apache.felix.shell.ShellService register)
    at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at
java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at
org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:248)
    at org.apache.felix.shell.impl.Activator.start(Activator.java:42)
    at
org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1088)
    at java.security.AccessController.doPrivileged(Native Method)
    at
org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:582)
    at org.apache.felix.framework.Felix._startBundle(Felix.java:1610)
    at org.apache.felix.framework.Felix.startBundle(Felix.java:1544)
    at
org.apache.felix.framework.Felix.setFrameworkStartLevel(Felix.java:1125)
    at
org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:258)
    at java.lang.Thread.run(Thread.java:619)
ERROR: EventDispatcher: Error during dispatch.
(java.security.AccessControlException: access denied
(org.osgi.framework.AdminPermission (id=27) metadata))
java.security.AccessControlException: access denied
(org.osgi.framework.AdminPermission (id=27) metadata)
    at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at
java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at org.apache.felix.framework.BundleImpl.getHeaders(BundleImpl.java:136)
    at org.apache.felix.framework.BundleImpl.getHeaders(BundleImpl.java:127)
    at
org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:210)
    at org.apache.felix.scr.impl.Activator.bundleChanged(Activator.java:173)
    at
org.apache.felix.framework.util.EventDispatcher$3.run(EventDispatcher.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at
org.apache.felix.framework.util.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:680)
    at
org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:619)
    at
org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:532)
    at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:3601)
    at org.apache.felix.framework.Felix._startBundle(Felix.java:1616)
    at org.apache.felix.framework.Felix.startBundle(Felix.java:1544)
    at
org.apache.felix.framework.Felix.setFrameworkStartLevel(Felix.java:1125)
    at
org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:258)
    at java.lang.Thread.run(Thread.java:619)
....


Any idea on how to prevent this? Is it possible to enable multiple
ConditionalPermissionInfos simultaneously?

Regards,
Reto


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to