geronimo-scm mailing list archives

From ga...@apache.org
Subject svn commit: r984205 - /geronimo/server/trunk/framework/modules/geronimo-hook/src/main/java/org/apache/geronimo/hook/equinox/ClassLoaderHook.java
Date Tue, 10 Aug 2010 20:51:51 GMT
Author: gawor
Date: Tue Aug 10 20:51:51 2010
New Revision: 984205

URL: http://svn.apache.org/viewvc?rev=984205&view=rev
Log:
GERONIMO-5480: Prevent Equinox from adding AllPermission permission to each bundle

Modified:
    geronimo/server/trunk/framework/modules/geronimo-hook/src/main/java/org/apache/geronimo/hook/equinox/ClassLoaderHook.java

Modified: geronimo/server/trunk/framework/modules/geronimo-hook/src/main/java/org/apache/geronimo/hook/equinox/ClassLoaderHook.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-hook/src/main/java/org/apache/geronimo/hook/equinox/ClassLoaderHook.java?rev=984205&r1=984204&r2=984205&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-hook/src/main/java/org/apache/geronimo/hook/equinox/ClassLoaderHook.java
(original)
+++ geronimo/server/trunk/framework/modules/geronimo-hook/src/main/java/org/apache/geronimo/hook/equinox/ClassLoaderHook.java
Tue Aug 10 20:51:51 2010
@@ -16,6 +16,8 @@
  */
 package org.apache.geronimo.hook.equinox;
 
+import java.security.AllPermission;
+import java.security.PermissionCollection;
 import java.security.ProtectionDomain;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -32,6 +34,7 @@ import org.eclipse.osgi.baseadaptor.load
 import org.eclipse.osgi.framework.adaptor.BundleProtectionDomain;
 import org.eclipse.osgi.framework.adaptor.ClassLoaderDelegate;
 import org.eclipse.osgi.framework.internal.core.Constants;
+import org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader;
 import org.eclipse.osgi.internal.loader.BundleLoader;
 import org.eclipse.osgi.util.ManifestElement;
 import org.osgi.framework.BundleException;
@@ -71,6 +74,18 @@ public class ClassLoaderHook implements 
                 throw new RuntimeException(e);
             }
         }
+        
+        if (domain == null) {
+            /**
+             * By default Equinox creates a ProtectionDomain for each bundle with AllPermission
permission.
+             * That breaks Geronimo security checks. See GERONIMO-5480 for details.
+             * This work-around prevents Equinox from adding AllPermission permission to
each bundle.
+             */
+            PermissionCollection emptyPermissionCollection = (new AllPermission()).newPermissionCollection();
+            ProtectionDomain emptyProtectionDomain = new ProtectionDomain(null, emptyPermissionCollection);
+            return new DefaultClassLoader(parent, delegate, emptyProtectionDomain, data,
classpath);
+        }
+
         return null;
     }
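Review bot: The domain built by `new ProtectionDomain(null, emptyPermissionCollection)` uses the two-argument constructor, which makes its permissions static, so the installed Policy is not consulted for it. With a SecurityManager active, code from every bundle that takes this `domain == null` path would presumably be denied all permissions, not merely lose AllPermission. The block comment should state that this deny-all effect is intended, e.g. `// Static, empty domain: Policy is never consulted for it; bundle code holds no permissions if a SecurityManager is installed.` It should also say why the empty collection comes from `AllPermission.newPermissionCollection()`, a collection type that can only hold AllPermission, instead of a plain `new Permissions()`, and it should use `/* */` since Javadoc `/** */` does not belong inside a method body. The enclosing method starts above the hunk, so when the caller passes a null `domain` is not visible here.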
 


