felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guillaume Nodet (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FELIX-5204) IllegalStateException when using custom URL handlers for bundles
Date Wed, 02 Mar 2016 14:50:18 GMT

    [ https://issues.apache.org/jira/browse/FELIX-5204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15175719#comment-15175719

Guillaume Nodet commented on FELIX-5204:

We use the Mina SSHD server in Karaf.
The problem happens when we restart the framework without restarting the JVM.  The reason
is that the javax.crypto package has some internal cache about Cipher providers.  The providers
are cached by the protection domain source code url.

See http://hg.openjdk.java.net/jdk7/jdk7/jdk/file/9b8c96f96a0f/src/share/classes/javax/crypto/JceSecurityManager.java#l79

Here's what happens:
  * the JVM starts, the OSGi framework starts, the SSH bundle is installed with a {{mvn:org.apache.sshd/sshd-core/1.0.0}}
url (the url handler is an OSGi url handler, so provided by a pax-url bundle)
  * when the SSH server starts, the JceSecurityManager caches the Cipher provider with this
  * the framework is restarted
  * when the SSH server starts again, the JceSecurityManager calls {{get}} on the cache indexed
by the URL, but the URL in the cache is no longer valid and the {{URLHandlersStreamHandlerProxy.equals}}
throws the exception indicated

This obviously only happen when the bundle is installed with a {{mvn:org.apache.sshd/sshd-core/1.0.0}}
and not a {{file:system/org/apache/sshd/sshd-core/1.0.0/sshd-core-1.0.0.jar}} url.

I think it's a bad idea that the BundleProtectionDomain uses a URL which may not be valid
after the framework is shutdown. My initial thinking was to use the jar bundle revision path
instead, something like {{file:data/cache/bundle32/11.0/bundle.jar}}.
It seems that's the way Equinox works fwiw.
Especially, if the bundle is updated, I think the 2 code source should be different, and using
the original location used to install / update the url does not bring this guarantee.  Using
the bundle revision instead seems cleaner to me.

> IllegalStateException when using custom URL handlers for bundles
> ----------------------------------------------------------------
>                 Key: FELIX-5204
>                 URL: https://issues.apache.org/jira/browse/FELIX-5204
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: framework-5.4.0
>            Reporter: Guillaume Nodet
>            Assignee: Guillaume Nodet
>             Fix For: framework-5.6.0
> The following exception can happen after having restarted the whole framework.
> {code}
> java.lang.IllegalStateException: Stream handler unavailable.
> 	at org.apache.felix.framework.URLHandlersStreamHandlerProxy.getDefaultPort(URLHandlersStreamHandlerProxy.java:180)
> 	at java.net.URLStreamHandler.sameFile(URLStreamHandler.java:407)
> 	at org.osgi.service.url.AbstractURLStreamHandlerService.sameFile(AbstractURLStreamHandlerService.java:131)
> 	at java.net.URLStreamHandler.equals(URLStreamHandler.java:333)
> 	at org.osgi.service.url.AbstractURLStreamHandlerService.equals(AbstractURLStreamHandlerService.java:81)
> 	at org.apache.felix.framework.URLHandlersStreamHandlerProxy.equals(URLHandlersStreamHandlerProxy.java:163)
> 	at java.net.URL.equals(URL.java:870)
> 	at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:940)
> 	at javax.crypto.JceSecurityManager.getCryptoPermission(JceSecurityManager.java:124)
> 	at javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2587)
> 	at javax.crypto.Cipher.initCryptoPermission(Cipher.java:700)
> 	at javax.crypto.Cipher.chooseProvider(Cipher.java:863)
> 	at javax.crypto.Cipher.init(Cipher.java:1396)
> 	at javax.crypto.Cipher.init(Cipher.java:1327)
> 	at org.apache.sshd.common.cipher.BaseCipher.init(BaseCipher.java:60)
> 	at org.apache.karaf.shell.ssh.SshUtils.buildCiphers(SshUtils.java:89)
> 	at org.apache.karaf.shell.ssh.Activator.createSshServer(Activator.java:183)
> 	at org.apache.karaf.shell.ssh.Activator.doStart(Activator.java:111)
> 	at org.apache.karaf.util.tracker.BaseActivator.run(BaseActivator.java:233)
> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> {code}
> The problems seems to be that the ProtectionDomain of the classes loaded from bundles
do use the URL handler as their code source.  This means that any access to those URL will
throw IllegalStateException after the framework has been shutdown.
> The protection domain should use the url the jar from the filesystem for the code source
url instead.

This message was sent by Atlassian JIRA

View raw message