Return-Path: Delivered-To: apmail-felix-commits-archive@www.apache.org Received: (qmail 21355 invoked from network); 6 Aug 2008 15:59:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Aug 2008 15:59:41 -0000 Received: (qmail 39982 invoked by uid 500); 6 Aug 2008 15:59:41 -0000 Delivered-To: apmail-felix-commits-archive@felix.apache.org Received: (qmail 39957 invoked by uid 500); 6 Aug 2008 15:59:41 -0000 Mailing-List: contact commits-help@felix.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@felix.apache.org Delivered-To: mailing list commits@felix.apache.org Received: (qmail 39948 invoked by uid 99); 6 Aug 2008 15:59:41 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Aug 2008 08:59:41 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Aug 2008 15:58:53 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 40981238896D; Wed, 6 Aug 2008 08:59:21 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r683310 - in /felix/trunk/framework/src/main/java/org/apache/felix/framework: BundleProtectionDomain.java Felix.java Date: Wed, 06 Aug 2008 15:59:20 -0000 To: commits@felix.apache.org 
From: pauls@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080806155921.40981238896D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: pauls Date: Wed Aug 6 08:59:20 2008 New Revision: 683310 URL: http://svn.apache.org/viewvc?rev=683310&view=rev Log: Subject.doAs is not considered by the spec and doesn't work well with the current approach we have inside the framework. This commit makes it work based on the current security policy installed. Furthermore, it is now possible (and needed) to assign permissions to bundles via the security policy (based on the bundle location - not certificates). In other words, as of now, correct permissions have to be assigned to the framework and bundles using the java security policy based on either the codesource or the subject, if subject.doAs is used. This is possible because bundles do have a codesource now and the bundle protection domain asks the installed policy for permissions in case no security provider is installed. (FELIX-654) Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java?rev=683310&r1=683309&r2=683310&view=diff ============================================================================== --- felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java (original) +++ felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java Wed Aug 6 08:59:20 2008 
@@ -18,17 +18,24 @@ */ package org.apache.felix.framework; +import java.net.MalformedURLException; +import java.net.URL; +import java.security.CodeSource; import java.security.Permission; import java.security.ProtectionDomain; +import java.security.cert.Certificate; public class BundleProtectionDomain extends ProtectionDomain { private final Felix m_felix; private final FelixBundle m_bundle; - public BundleProtectionDomain(Felix felix, FelixBundle bundle) + public BundleProtectionDomain(Felix felix, FelixBundle bundle) + throws MalformedURLException { - super(null, null); + super(new CodeSource(new URL(new URL(null, "location:", + new FakeURLStreamHandler()), felix.getBundleLocation(bundle), + new FakeURLStreamHandler()), (Certificate[]) null), null); m_felix = felix; m_bundle = bundle; } @@ -61,7 +68,7 @@ } return m_bundle == ((BundleProtectionDomain) other).m_bundle; } - + public String toString() { return "[" + m_bundle + "]"; Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java?rev=683310&r1=683309&r2=683310&view=diff ============================================================================== --- felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java (original) +++ felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java Wed Aug 6 08:59:20 2008 @@ -3402,6 +3402,10 @@ { return m_securityProvider.hasBundlePermission(bundleProtectionDomain, permission, direct); } + else if ((bundleProtectionDomain.getBundle() != this) && (System.getSecurityManager() != null)) + { + return m_secureAction.getPolicy().implies(bundleProtectionDomain, permission); + } return true; }
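Review bot: The CodeSource built in the BundleProtectionDomain constructor carries only the bundle location string and `(Certificate[]) null`, so any policy grant that matches it is keyed on a name and not on signed content, and the constructor should say so. The location is presumably the string supplied when the bundle was installed, which would make the right to install bundles as sensitive as the most privileged codeBase grant in the policy. Because the location is parsed relative to `location:`, a location that already carries a scheme probably keeps that scheme, so grants may need to cover both URL shapes; this is worth confirming with a test. Suggested comment above the `super(...)` call: `// CodeSource URL is derived from the bundle location, without certificates; codeBase grants therefore trust the installer-supplied location.` The class body continues outside the hunk.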
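Review bot: The new `else if` branch in Felix.java drops the `direct` argument that the security-provider path forwards, and the method still ends in `return true`, so every case the two conditions miss is granted by default. With a security manager installed and no security provider, bundles that previously received everything now receive only what the installed policy grants for their location; this behaviour change is described in the commit log but not in the code. Suggested comment above the branch: `// No security provider: ordinary bundles defer to the installed Policy; the framework's own domain (getBundle() == this) and the no-SecurityManager case remain unrestricted; 'direct' is not used here.` The method's signature and first condition lie outside the hunk.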