Uploaded image for project: 'Felix'
  1. Felix
  2. FELIX-5978

Felix framework unable to retrieve custom URL handlers when security is on

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • framework-6.0.0, framework-6.0.1
    • framework-6.0.2
    • Framework
    • None

    Description

      When running with multiple frameworks in the same VM, custom URL Handlers, and OSGi security on there are a couple of problems:

       

      Firstly, this security exception results in the custom URL handler being ignored. The framework should really be using a doPriv here.

      java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528)
at java.lang.Class.getClassLoader(Class.java:683)
at org.apache.felix.framework.URLHandlers.getFrameworkFromContext(URLHandlers.java:690)
at org.apache.felix.framework.URLHandlersStreamHandlerProxy.getStreamHandlerService(URLHandlersStreamHandlerProxy.java:574)
at org.apache.felix.framework.URLHandlersStreamHandlerProxy.toExternalForm(URLHandlersStreamHandlerProxy.java:474)
at java.net.URL.toExternalForm(URL.java:929)
at java.net.URL.toString(URL.java:915)
at java.lang.ClassLoader.defineClassSourceLocation(ClassLoader.java:678)
at java.lang.ClassLoader.defineClass(ClassLoader.java:762)
at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClass(BundleWiringImpl.java:2344)
at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClassParallel(BundleWiringImpl.java:2162)
at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.findClass(BundleWiringImpl.java:2096)
at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1565)
at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79)
at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1982)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at org.apache.felix.cm.impl.ConfigurationManager.configure(ConfigurationManager.java:758)

      Secondly, the wrong framework is returned some of the time due to the logic of URLHandlers.getFrameworkContext() - in this method it assumes that there will be a bundle class loader on the stack, which is not true when the launcher is starting a bundle (the framework reflectively loads the Activator type which requires a URL check to set the security domain).

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #160

          Activity

            People

              karlpauls Karl Pauls
              timothyjward Timothy James Ward
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: