FELIX-4962 : Configadmin leaks caller's security context downstream. Apply patch by Ray Auge and move to parent pom 3
git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@1691989 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/configadmin/pom.xml b/configadmin/pom.xml
index e749dda..3ade4ee 100644
--- a/configadmin/pom.xml
+++ b/configadmin/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.felix</groupId>
<artifactId>felix-parent</artifactId>
- <version>2.1</version>
+ <version>3</version>
<relativePath>../pom/pom.xml</relativePath>
</parent>
@@ -74,10 +74,6 @@
<bundle.file.name>
${bundle.build.name}/${project.build.finalName}.jar
</bundle.file.name>
-
- <felix.build.source>5</felix.build.source>
- <felix.build.target>5</felix.build.target>
- <felix.java.signature.artifactId>java15</felix.java.signature.artifactId>
</properties>
<dependencies>
@@ -224,33 +220,6 @@
</instructions>
</configuration>
</plugin>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>animal-sniffer-maven-plugin</artifactId>
- <version>1.7</version>
- <configuration>
- <signature>
- <groupId>org.codehaus.mojo.signature</groupId>
- <artifactId>java15</artifactId>
- <version>1.0</version>
- </signature>
- </configuration>
- <executions>
- <execution>
- <phase>test</phase>
- <goals>
- <goal>check</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <artifactId>maven-compiler-plugin</artifactId>
- <configuration>
- <source>1.5</source>
- <target>1.5</target>
- </configuration>
- </plugin>
<!--
Exclude Integration tests in (default) unit tests and
conversely enable integration tests for integration testing
diff --git a/configadmin/src/main/java/org/apache/felix/cm/impl/UpdateThread.java b/configadmin/src/main/java/org/apache/felix/cm/impl/UpdateThread.java
index f4951aa..17cf68c 100644
--- a/configadmin/src/main/java/org/apache/felix/cm/impl/UpdateThread.java
+++ b/configadmin/src/main/java/org/apache/felix/cm/impl/UpdateThread.java
@@ -18,6 +18,10 @@
*/
package org.apache.felix.cm.impl;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.LinkedList;
@@ -47,12 +51,15 @@
// the actual thread
private Thread worker;
+ // the access control context
+ private final AccessControlContext acc;
public UpdateThread( final ConfigurationManager configurationManager, final ThreadGroup tg, final String name )
{
this.configurationManager = configurationManager;
this.workerThreadGroup = tg;
this.workerBaseName = name;
+ this.acc = AccessController.getContext();
this.updateTasks = new LinkedList();
}
@@ -100,7 +107,7 @@
configurationManager.log( LogService.LOG_DEBUG, "Running task {0}", new Object[]
{ task } );
- task.run();
+ run0(task);
}
catch ( Throwable t )
{
@@ -114,6 +121,29 @@
}
}
+ void run0(final Runnable task) throws Throwable {
+ if (System.getSecurityManager() != null) {
+ try {
+ AccessController.doPrivileged(
+ new PrivilegedExceptionAction<Void>() {
+ @Override
+ public Void run() throws Exception {
+ task.run();
+ return null;
+ }
+ },
+ acc
+ );
+ }
+ catch (PrivilegedActionException pae) {
+ throw pae.getException();
+ }
+ }
+ else {
+ task.run();
+ }
+ }
+
/**
* Starts processing the queued tasks. This method does nothing if the
* worker has already been started.