felix-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reto Bachmann-Gmür <reto.bachm...@trialox.org>
Subject Re: ConditionalPermissionAdmin: Exceptions before System Bundle gets permissions
Date Tue, 13 Jan 2009 11:08:27 GMT
Hi Paul,

Thanks for your reply. We are using the launchpad from the sling project
(just changed the pom to conatin our bundles), this initialized all the
bundles including the one with our PermissionManager component assigning
the permissions though cpa in no particular order using
BundleContext.installBundle(location, ins), subsequently the bundles are
started in the same order as they are installed using Bundle.start().

Obviously I would favor a solution that does not require changes in the
sling launchpad, there is the possibility (by adding the
PermissionManager to /resources/corebundles in the jar) to make sure the
installBundle is called for our PermissionManager before the other
bundles, I'll check this out and report.

Cheers,
reto


Karl Pauls said the following on 01/06/2009 09:14 PM:
> I'm not sure what is going on exactly but it looks to me like there
> are bundles installed concurrently with your bundle getting activated.
> Is that possible?
>
> Regardless, could you create a JIRA issue and attach something that
> allows me to reproduce your issue?
>
> regards,
>
> Karl
>
> On Tue, Jan 6, 2009 at 1:54 PM, Reto Bachmann-Gmür
> <reto.bachmann@trialox.org> wrote:
>   
>> Hello
>>
>> We have a component using ConditionalPermssionAdmin to assign
>> permissions. The component first gives all permissions to itself and the
>> to the system bundle. The problem is that we occasionally get security
>> exception betweene this first two calls to setConditionalPermssionInfo,
>> by adding a Thread.sleep call between the two calls of
>> setConditionalPermissionInfo we always get such exceptions.
>>
>> code:
>>
>> cpa.setConditionalPermissionInfo(PERMISSIONMANAGER_CPINAME,
>> new ConditionInfo[]{
>>    new ConditionInfo(BundleLocationCondition.class.getName(),
>>    new String[]{cCtx.getBundleContext().getBundle().getLocation()})
>> },
>> new PermissionInfo[]{
>>    new PermissionInfo(
>>    AllPermission.class.getName(), "", "")
>> });
>> try {
>>    Thread.sleep(1000);
>> } catch (InterruptedException ex) {
>>    java.util.logging.Logger.getLogger(PermissionManager.class.getName()).
>>            log(Level.SEVERE, null, ex);
>> }
>> // Don't call slf4j logger here as it reuires the system bundle to have
>> permissions
>> cpa.setConditionalPermissionInfo(SYSTEM_BUNDLE_CPINAME,
>> new ConditionInfo[]{
>>    new ConditionInfo(
>>    BundleLocationCondition.class.getName(),
>>    new String[]{"System Bundle"})
>> },
>> new PermissionInfo[]{
>>    new PermissionInfo(
>>    AllPermission.class.getName(), "", "")
>> });
>>
>> Exceptions:
>>
>> ERROR: EventDispatcher: Error during dispatch.
>> (java.security.AccessControlException: access denied
>> (org.osgi.framework.AdminPermission (id=25) metadata))
>> java.security.AccessControlException: access denied
>> (org.osgi.framework.AdminPermission (id=25) metadata)
>>    at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>    at
>> java.security.AccessController.checkPermission(AccessController.java:546)
>>    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>    at org.apache.felix.framework.BundleImpl.getHeaders(BundleImpl.java:136)
>>    at org.apache.felix.framework.BundleImpl.getHeaders(BundleImpl.java:127)
>>    at
>> org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:210)
>>    at org.apache.felix.scr.impl.Activator.bundleChanged(Activator.java:173)
>>    at
>> org.apache.felix.framework.util.EventDispatcher$3.run(EventDispatcher.java:683)
>>    at java.security.AccessController.doPrivileged(Native Method)
>>    at
>> org.apache.felix.framework.util.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:680)
>>    at
>> org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:619)
>>    at
>> org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:532)
>>    at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:3601)
>>    at org.apache.felix.framework.Felix._startBundle(Felix.java:1616)
>>    at org.apache.felix.framework.Felix.startBundle(Felix.java:1544)
>>    at
>> org.apache.felix.framework.Felix.setFrameworkStartLevel(Felix.java:1125)
>>    at
>> org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:258)
>>    at java.lang.Thread.run(Thread.java:619)
>> 796 [FelixDispatchQueue] INFO javax.ws.rs - BundleEvent STARTED
>> 801 [FelixDispatchQueue] ERROR org.apache.felix.shell - FrameworkEvent
>> ERROR (java.security.AccessControlException: access denied
>> (org.osgi.framework.ServicePermission
>> org.apache.felix.shell.ShellService register))
>> java.security.AccessControlException: access denied
>> (org.osgi.framework.ServicePermission
>> org.apache.felix.shell.ShellService register)
>>    at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>    at
>> java.security.AccessController.checkPermission(AccessController.java:546)
>>    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>    at
>> org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:248)
>>    at org.apache.felix.shell.impl.Activator.start(Activator.java:42)
>>    at
>> org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1088)
>>    at java.security.AccessController.doPrivileged(Native Method)
>>    at
>> org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:582)
>>    at org.apache.felix.framework.Felix._startBundle(Felix.java:1610)
>>    at org.apache.felix.framework.Felix.startBundle(Felix.java:1544)
>>    at
>> org.apache.felix.framework.Felix.setFrameworkStartLevel(Felix.java:1125)
>>    at
>> org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:258)
>>    at java.lang.Thread.run(Thread.java:619)
>> ERROR: Error starting slinginstall:org.apache.felix.shell-1.0.1.jar
>> (java.security.AccessControlException: access denied
>> (org.osgi.framework.ServicePermission
>> org.apache.felix.shell.ShellService register))
>> java.security.AccessControlException: access denied
>> (org.osgi.framework.ServicePermission
>> org.apache.felix.shell.ShellService register)
>>    at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>    at
>> java.security.AccessController.checkPermission(AccessController.java:546)
>>    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>    at
>> org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:248)
>>    at org.apache.felix.shell.impl.Activator.start(Activator.java:42)
>>    at
>> org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1088)
>>    at java.security.AccessController.doPrivileged(Native Method)
>>    at
>> org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:582)
>>    at org.apache.felix.framework.Felix._startBundle(Felix.java:1610)
>>    at org.apache.felix.framework.Felix.startBundle(Felix.java:1544)
>>    at
>> org.apache.felix.framework.Felix.setFrameworkStartLevel(Felix.java:1125)
>>    at
>> org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:258)
>>    at java.lang.Thread.run(Thread.java:619)
>> ERROR: EventDispatcher: Error during dispatch.
>> (java.security.AccessControlException: access denied
>> (org.osgi.framework.AdminPermission (id=27) metadata))
>> java.security.AccessControlException: access denied
>> (org.osgi.framework.AdminPermission (id=27) metadata)
>>    at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>    at
>> java.security.AccessController.checkPermission(AccessController.java:546)
>>    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>    at org.apache.felix.framework.BundleImpl.getHeaders(BundleImpl.java:136)
>>    at org.apache.felix.framework.BundleImpl.getHeaders(BundleImpl.java:127)
>>    at
>> org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:210)
>>    at org.apache.felix.scr.impl.Activator.bundleChanged(Activator.java:173)
>>    at
>> org.apache.felix.framework.util.EventDispatcher$3.run(EventDispatcher.java:683)
>>    at java.security.AccessController.doPrivileged(Native Method)
>>    at
>> org.apache.felix.framework.util.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:680)
>>    at
>> org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:619)
>>    at
>> org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:532)
>>    at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:3601)
>>    at org.apache.felix.framework.Felix._startBundle(Felix.java:1616)
>>    at org.apache.felix.framework.Felix.startBundle(Felix.java:1544)
>>    at
>> org.apache.felix.framework.Felix.setFrameworkStartLevel(Felix.java:1125)
>>    at
>> org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:258)
>>    at java.lang.Thread.run(Thread.java:619)
>> ....
>>
>>
>> Any idea on how to prevent this? Is it possible to enable multiple
>> ConditionalPermissionInfos simultaneously?
>>
>> Regards,
>> Reto
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>> For additional commands, e-mail: users-help@felix.apache.org
>>
>>
>>     
>
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org


Mime
View raw message