Gitiles
Code Review Sign In
gerrit.onosproject.org / onos-felix / 35ab36a8f6bd2db56086586ddde28bf966b33175^! / .
commit35ab36a8f6bd2db56086586ddde28bf966b33175[log] [tgz]
authorFelix Meschberger <fmeschbe@apache.org>Thu Aug 27 20:11:12 2009 +0000
committerFelix Meschberger <fmeschbe@apache.org>Thu Aug 27 20:11:12 2009 +0000
tree9ad229c79b42843a34fb9dbf3294e35f49820879
parentf0cb52b67602c30a2f630c43ab50d30e4ed3caa1 [diff]
FELIX-1535 check permission against current access control context
instead of the service using bundle

git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@808595 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdminImpl.java b/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdminImpl.java
index 2929284..d5d4517 100644
--- a/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdminImpl.java
+++ b/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdminImpl.java

@@ -20,7 +20,6 @@
 
 
 import java.io.IOException;
-
 import org.osgi.framework.Bundle;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.cm.Configuration;
@@ -147,30 +146,38 @@
 
 
     /**
-     * Checks whether the bundle to which this instance has been given has the
-     * <code>CONFIGURE</code> permission and returns <code>true</code> in this
-     * case.
+     * Returns <code>true</code> if the current access control context (call
+     * stack) has the CONFIGURE permission.
      */
     boolean hasPermission()
     {
-        return bundle.hasPermission( new ConfigurationPermission( "*", ConfigurationPermission.CONFIGURE ) );
+        try
+        {
+            checkPermission();
+            return true;
+        }
+        catch ( SecurityException se )
+        {
+            return false;
+        }
     }
 
 
     /**
-     * Checks whether the bundle to which this instance has been given has the
-     * <code>CONFIGURE</code> permission and throws a <code>SecurityException</code>
-     * if this is not the case.
+     * Checks whether the current access control context (call stack) has the
+     * <code>CONFIGURE</code> permission and throws a
+     * <code>SecurityException</code> if this is not the case.
      *
-     * @throws SecurityException if the bundle to which this instance belongs
-     *      does not have the <code>CONFIGURE</code> permission.
+     * @throws SecurityException if the access control context does not have the
+     *             <code>CONFIGURE</code> permission.
      */
     void checkPermission()
     {
-        if ( !this.hasPermission() )
+        // the caller's permission must be checked
+        final SecurityManager sm = System.getSecurityManager();
+        if ( sm != null )
         {
-            throw new SecurityException( "Bundle " + bundle.getSymbolicName()
-                + " not permitted for Configuration Tasks" );
+            sm.checkPermission( new ConfigurationPermission( "*", ConfigurationPermission.CONFIGURE ) );
         }
     }