[jira] [Created] (WINK-427) JaxRsFilter fails if OSGi security is enabled

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Created] (WINK-427) JaxRsFilter fails if OSGi security is enabled

JIRA jira@apache.org
Valentin Valchev created WINK-427:
-------------------------------------

             Summary: JaxRsFilter fails if OSGi security is enabled
                 Key: WINK-427
                 URL: https://issues.apache.org/jira/browse/WINK-427
             Project: Wink
          Issue Type: Bug
          Components: OSGi
            Reporter: Valentin Valchev
            Priority: Critical


When the filter code is executed, the stack will contain classes from the Http Service.

OSGi allows the administrator to give different permissions to each bundle. So if the HTTP is given less permissions by the wink-osgi bundle, the doFilter() method might fails with SecurityException.

Example:
http is given permissions A,B,C
wink-osgi is given ALL permissions
anyway, the security context, when doFilter() is executed will allow only A,B and C permissions.

Therefore it's recommended to use privileged block in doFilter() method or in winkProvider.handleRequest().



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)