felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Pauls (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (FELIX-1169) Service event callbacks fail silently when denied permission
Date Fri, 22 May 2009 16:16:45 GMT

     [ https://issues.apache.org/jira/browse/FELIX-1169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Karl Pauls reassigned FELIX-1169:
---------------------------------

    Assignee: Karl Pauls

> Service event callbacks fail silently when denied permission
> ------------------------------------------------------------
>
>                 Key: FELIX-1169
>                 URL: https://issues.apache.org/jira/browse/FELIX-1169
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: felix-1.6.1
>         Environment: Environments that have a SecurityManager installed, like the Google
App Engine.
>            Reporter: ted stockwell
>            Assignee: Karl Pauls
>            Priority: Minor
>
> The org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback method
checks for permission before making callbacks to ServiceListener.serviceChanged.
> However, if no permission has been granted to listener for any of the service interfaces
that are being listened to then this method fails silently (making the failure to get the
callback hard to diagnose).
> This snippet of code in the EventDispatcher.invokeServiceListenerCallback method....
>             Object sm = System.getSecurityManager();
>             if ((acc != null) && (sm != null))
>             {
>                 for (int i = 0;
>                     !hasPermission && (i < objectClass.length);
>                     i++)
>                 {
>                     try
>                     {
>                         ServicePermission perm =
>                             new ServicePermission(
>                                 objectClass[i], ServicePermission.GET);
>                         ((SecurityManager) sm).checkPermission(perm, acc);
>                         hasPermission = true;
>                     }
>                     catch (Exception ex)
>                     {
>                     }
>                 }
>             }
>             else
>             {
>                 hasPermission = true;
>             }
> ....should probably be changed to throw a SecurityException if no permission is found.
> Like so....
>             Object sm = System.getSecurityManager();
>             if ((acc != null) && (sm != null))
>             {
>                 for (int i = 0;
>                     !hasPermission && (i < objectClass.length);
>                     i++)
>                 {
>                     try
>                     {
>                         ServicePermission perm =
>                             new ServicePermission(
>                                 objectClass[i], ServicePermission.GET);
>                         ((SecurityManager) sm).checkPermission(perm, acc);
>                         hasPermission = true;
>                     }
>                     catch (Exception ex)
>                     {
>                     }
>                 }
>                 if (!hasPermission)
>                     throw new SecurityException();
>             }
>             else
>             {
>                 hasPermission = true;
>             }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message