OSGi doPrivileged call between two bundles
https://stackoverflow.com//questions/21025546
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
i have a problem using OSGi.
What i have:
- 2 simple bundles (Bundle A calls Bundle B)
- blueprint usage
- OSGi security usage
- both bundles are core bundles with all permissions
- third party bundles don't have all permissions, i.e. the PropertyPermission("bla", "write") will be denied
So as already mentioned the bundle call is pretty simple. Bundle A calls bundle B. The only complicated thing in it is, that the call is a doPrivileged call.
Following scenarios/examples:
Set a "bla" property in bundle A without doPrivileged -> fails (ok)
public void foo() {
System.setProperty("bla", "blubb"); // throws java.security.AccessControlException: access denied ("java.util.PropertyPermission" "bla" "write") -> ok
}
Set a "bla" property in bundle A with doPrivileged -> works (ok)
public void foo() {
AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() {
@Override
public Boolean run()
throws Exception
{
System.setProperty("bla", "blubb"); // sets the bla property without throwing an exception -> ok
return null;
}
});
}
Now trying to set the "bla" property in bundle B using the doPrivileged call of bundle A -> fails (why?)
Bundle A:
public void foo() {
AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() {
@Override
public Boolean run()
throws Exception
{
// calls Bundle B
bundleBService.bar();
return null;
}
});
}
Bundle B:
public void bar() {
System.setProperty("bla", "blubb"); // throws java.security.AccessControlException: access denied ("java.util.PropertyPermission" "bla" "write")
}
So why does it fail to set the property in bundle B using a doPrivileged call of bundle A? I would expect, that the doPrivileged call would also work here. Why it doesn't? Is it the fault of using blueprint? And is it possible wo solve this issue without adding the doPrivileged block to the method of bundle B?
Update: Here is the StackTrace:
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "bla" "write")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.setProperty(System.java:782)
at barpkg.BundleB.bar(BundleB.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:54)
at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
at com.sun.proxy.$Proxy111.bar(Unknown Source)
at foopkg.BundleA$1.run(BundleA.java:73)
at foopkg.BundleA$1.run(BundleA.java:65)
at java.security.AccessController.doPrivileged(Native Method)
at foopkg.BundleA.foo(BundleA.java:65)
at testpkg.PrivilegedTest.testDoPrivileged(PrivilegedTest.java:135)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.ops4j.pax.exam.invoker.junit.internal.ContainerTestRunner.runChild(ContainerTestRunner.java:67)
at org.ops4j.pax.exam.invoker.junit.internal.ContainerTestRunner.runChild(ContainerTestRunner.java:37)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
at org.junit.runner.JUnitCore.run(JUnitCore.java:138)
at org.ops4j.pax.exam.invoker.junit.internal.JUnitProbeInvoker.invokeViaJUnit(JUnitProbeInvoker.java:111)
at org.ops4j.pax.exam.invoker.junit.internal.JUnitProbeInvoker.findAndInvoke(JUnitProbeInvoker.java:84)
at org.ops4j.pax.exam.invoker.junit.internal.JUnitProbeInvoker.call(JUnitProbeInvoker.java:72)
at org.ops4j.pax.exam.glassfish.GlassFishTestContainer.call(GlassFishTestContainer.java:271)
at org.ops4j.pax.exam.spi.reactors.SingletonStagedReactor.invoke(SingletonStagedReactor.java:113)
at org.ops4j.pax.exam.spi.reactors.PerSuiteStagedReactor.invoke(PerSuiteStagedReactor.java:47)
at org.ops4j.pax.exam.junit.PaxExam$2.evaluate(PaxExam.java:294)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.ops4j.pax.exam.junit.PaxExam.run(PaxExam.java:111)
at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:242)
at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:137)
at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:112)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
at org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)
I'd guess, this lines could be the troublemakers:
at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:54)
at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
at com.sun.proxy.$Proxy111.bar(Unknown Source)
I'll try to do this call without using blueprint too see, what happens. But if blueprint is the problem, can i somehow handle it without replacing it?
Thank you
Solution
Ok it works now, using the aries blueprint framework as well.
I've signed the aries blueprint, proxy and utils jars manually (so they are core bundles as well) to see if this would solve the problem. Worked fine.
I'll now create a maven module, where i'll put all the blueprint bundles i need. So i can sign this bundle and don't need to sign each jar separately and also just have one bundle i'll need to deploy.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
