felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ulf Dittmer (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (FELIX-1101) framework.security can't be built or run against Felix 1.6
Date Sun, 03 May 2009 19:46:30 GMT

    [ https://issues.apache.org/jira/browse/FELIX-1101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12705439#action_12705439
] 

Ulf Dittmer edited comment on FELIX-1101 at 5/3/09 12:45 PM:
-------------------------------------------------------------

There's still an issue that I think isn't correct (and it was like that before - it's not
something that got introduced now):

If a bundle is installed at the same location under which another bundle was installed and
uninstalled before, then the CPA is no longer consulted if the bundle also had PA permissions.
That can lead to the new bundle not being installed if it depends on permissions granted by
the CPA.

This is caused by the m_store Map in the PermissionAdminImpl still having permission information
for that location; see the use of the boolean "file" in the hasPermission method. If it gets
set to true due to permissions of the old (now uninstalled) bundle being cached, then the
method returns false and the CPA is not consulted.

While it's not hard for the host application to set null permissions for any bundle that gets
uninstalled (thus removing the cache entry), I think the PA should do that automatically.
Maybe a BundleListener could remove the cache entry when a bundle gets uninstalled?

(PS: Since I'd have to do the diff of 7 files manually, I want to wait until I hear about
this, so I only have to do it once...)

      was (Author: udittmer):
    There's still an issue that I think isn't correct (and it was like that before - it's
not something that got introduced now):

If a bundle is installed at the same location under which another bundle was installed and
uninstalled before, then the CPA is no longer consulted if the bundle also had PA permissions.
That can lead to the new bundle not being installed if it depends on permissions granted by
the CPA.

This is caused by the m_store Map in the PermissionAdminImpl still having permission information
for that location; see the use of the boolean "file" in the hasPermission method. If it gets
set to true due to permissions of the old (now uninstalled) bundle being cached, then the
method returns false and the CPA is not consulted.

While it's not hard for the host application to set null permissions for any bundle that gets
uninstalled (thus removing the cache entry), I think the PA should do that automatically.
Maybe a BundleListener could remove the cache entry when a bundle gets uninstalled?
  
> framework.security can't be built or run against Felix 1.6
> ----------------------------------------------------------
>
>                 Key: FELIX-1101
>                 URL: https://issues.apache.org/jira/browse/FELIX-1101
>             Project: Felix
>          Issue Type: Bug
>          Components: Conditional Permission Admin, Permission Admin
>    Affects Versions: felix-1.6.0
>            Reporter: Ulf Dittmer
>            Assignee: Karl Pauls
>         Attachments: framework-security.zip
>
>
> The org.apache.felix.framework.SecurityActivator and org.apache.felix.framework.SecurityProviderImpl
classes have a dependency on the org.apache.felix.framework.FelixBundle class, which seems
to have been removed since Felix 1.4 (which, BTW, works fine with the PermissionAdmin service).
> Most -but not all- of the required methods seem to be available in org.apache.felix.framework.BundleImpl
now. Further changes involve using IModule instead of IContentLoader.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message