felix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pa...@apache.org
Subject svn commit: r683310 - in /felix/trunk/framework/src/main/java/org/apache/felix/framework: BundleProtectionDomain.java Felix.java
Date Wed, 06 Aug 2008 15:59:20 GMT
Author: pauls
Date: Wed Aug  6 08:59:20 2008
New Revision: 683310

URL: http://svn.apache.org/viewvc?rev=683310&view=rev
Log:
Subject.doAs is not considered by the spec and doesn't work well with the current approach
we have inside the framework. This commit makes it work based on the current security policy
installed. Furthermore, it is now possible (and needed) to assign permissions to bundles via
the security policy (based on the bundle location - not certificates). In other words, as
of now, correct permissions have to be assigned to the framework and bundles using the java
security policy based on either the codesource or the subject, if subject.doAs is used. This
is possible because bundles do have a codesource now and the bundle protection domain asks
the installed policy for permissions in case no security provider is installed. (FELIX-654)

Modified:
    felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
    felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java

Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java?rev=683310&r1=683309&r2=683310&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
(original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
Wed Aug  6 08:59:20 2008
@@ -18,17 +18,24 @@
  */
 package org.apache.felix.framework;
 
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.CodeSource;
 import java.security.Permission;
 import java.security.ProtectionDomain;
+import java.security.cert.Certificate;
 
 public class BundleProtectionDomain extends ProtectionDomain
 {
     private final Felix m_felix;
     private final FelixBundle m_bundle;
 
-    public BundleProtectionDomain(Felix felix, FelixBundle bundle)
+    public BundleProtectionDomain(Felix felix, FelixBundle bundle) 
+        throws MalformedURLException
     {
-        super(null, null);
+        super(new CodeSource(new URL(new URL(null, "location:", 
+            new FakeURLStreamHandler()), felix.getBundleLocation(bundle), 
+            new FakeURLStreamHandler()), (Certificate[]) null), null);
         m_felix = felix;
         m_bundle = bundle;
     }
@@ -61,7 +68,7 @@
         }
         return m_bundle == ((BundleProtectionDomain) other).m_bundle;
     }
-    
+
     public String toString()
     {
         return "[" + m_bundle + "]";

Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java?rev=683310&r1=683309&r2=683310&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java (original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java Wed Aug  6 08:59:20
2008
@@ -3402,6 +3402,10 @@
         {
             return m_securityProvider.hasBundlePermission(bundleProtectionDomain, permission,
direct);
         }
+        else if ((bundleProtectionDomain.getBundle() != this) && (System.getSecurityManager()
!= null))
+        {
+            return m_secureAction.getPolicy().implies(bundleProtectionDomain, permission);
+        }
         return true;
     }
 



Mime
View raw message