Thanks Marc! One comment I have is that there are no CXF-DOSGi unit tests for this code. I know that it's tested in the OSGi TCK but it would be good to have some tests for it in the CXF-DOSGi codebase. Do you think you can add these?
Cheers, David On 26 April 2010 08:30, <msch...@apache.org> wrote: > Author: mschaaf > Date: Mon Apr 26 07:30:42 2010 > New Revision: 937947 > > URL: http://svn.apache.org/viewvc?rev=937947&view=rev > Log: > - some additions to the zookeeper discovery to be compiant with the TCK > - some refactoring in the zookeeper discovery > - added some basic security checks to the DSW to comply with the TCK security > tests > > Added: > cxf/dosgi/trunk/distribution/single-bundle/src/main/resources/OSGI-INF/ > > cxf/dosgi/trunk/distribution/single-bundle/src/main/resources/OSGI-INF/permissions.perm > Modified: > > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/EndpointListenerTrackerCustomizer.java > > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceDataMonitorListenerImpl.java > > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceMonitor.java > > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/Util.java > > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ClientServiceFactory.java > > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ServiceInvocationHandler.java > > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminCore.java > > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminInstance.java > > Modified: > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/EndpointListenerTrackerCustomizer.java > URL: > http://svn.apache.org/viewvc/cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/EndpointListenerTrackerCustomizer.java?rev=937947&r1=937946&r2=937947&view=diff > ============================================================================== > --- > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/EndpointListenerTrackerCustomizer.java > (original) > +++ > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/EndpointListenerTrackerCustomizer.java > Mon Apr 26 07:30:42 2010 > @@ -71,14 +71,21 @@ public class EndpointListenerTrackerCust > for (String key : sref.getPropertyKeys()) { > LOG.finest("modifiedService: property: " + key + " => " + > sref.getProperty(key)); > } > - String[] scopes = > getStringPlusProperty(sref.getProperty(EndpointListener.ENDPOINT_LISTENER_SCOPE)); > - LOG.fine("trying to discover service for scopes[" + scopes.length + > "]: "); > + > + String[] scopes = Util.getScopes(sref); > + > + LOG.info("trying to discover services for scopes[" + scopes.length + > "]: "); > if(scopes!=null) for (String scope : scopes) { > - LOG.fine("Scope: "+scope); > + LOG.info("Scope: "+scope); > } > if (scopes.length > 0) { > for (String scope : scopes) { > LOG.fine("*********** Handling scope: " + scope); > + if("".equals(scope) || scope == null){ > + LOG.warning("skipping empty scope from EndpointListener > from " + sref.getBundle().getSymbolicName()); > + continue; > + } > + > String objClass = getObjectClass(scope); > LOG.fine("*********** objectClass: " + objClass); > > @@ -100,10 +107,10 @@ public class EndpointListenerTrackerCust > interest.im.close(); > interest.im = null; > } > - > + > InterfaceMonitor dm = new > InterfaceMonitor(zooKeeperDiscovery.getZookeeper(), > objClass, > interest, scope, bctx); > - dm.process(); > + dm.start(); > interest.im = dm; > > List<String> handledScopes = > handledEndpointlisteners.get(sref); > @@ -149,34 +156,7 @@ public class EndpointListenerTrackerCust > > } > > - private String[] getStringPlusProperty(Object property) { > - > - if (property instanceof String) { > - // System.out.println("String"); > - String[] ret = new String[1]; > - ret[0] = (String)property; > - return ret; > - } > - > - if (property instanceof String[]) { > - // System.out.println("String[]"); > - return (String[])property; > - } > - > - if (property instanceof Collection) { > - Collection col = (Collection)property; > - // System.out.println("Collection: size "+col.size()); > - String[] ret = new String[col.size()]; > - int x = 0; > - for (Object s : col) { > - ret[x] = (String)s; > - ++x; > - } > - return ret; > - } > - > - return new String[0]; > - } > + > > // public void discoveredEndpont(EndpointDescription epd) { > // LOG.info("Endpoint Discovered: " + epd.getProperties()); > > Modified: > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceDataMonitorListenerImpl.java > URL: > http://svn.apache.org/viewvc/cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceDataMonitorListenerImpl.java?rev=937947&r1=937946&r2=937947&view=diff > ============================================================================== > --- > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceDataMonitorListenerImpl.java > (original) > +++ > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceDataMonitorListenerImpl.java > Mon Apr 26 07:30:42 2010 > @@ -19,9 +19,12 @@ > package org.apache.cxf.dosgi.discovery.zookeeper; > > import java.io.ByteArrayInputStream; > +import java.util.Dictionary; > import java.util.HashMap; > import java.util.List; > import java.util.Map; > +import java.util.Properties; > +import java.util.Set; > import java.util.logging.Level; > import java.util.logging.Logger; > > @@ -31,6 +34,8 @@ import org.apache.zookeeper.ZooKeeper; > import org.apache.zookeeper.data.Stat; > import org.jdom.Element; > import org.osgi.framework.BundleContext; > +import org.osgi.framework.Filter; > +import org.osgi.framework.FrameworkUtil; > import org.osgi.framework.ServiceReference; > import org.osgi.service.remoteserviceadmin.EndpointDescription; > import org.osgi.service.remoteserviceadmin.EndpointListener; > @@ -63,6 +68,9 @@ public class InterfaceDataMonitorListene > discoveredServiceTracker = dst; > bctx = bc; > this.scope = scope; > + > + > + LOG.fine("InterfaceDataMonitorListenerImpl is recursive: > "+recursive); > } > > public synchronized void change() { > @@ -94,7 +102,7 @@ public class InterfaceDataMonitorListene > > List<String> children; > try { > - LOG.fine("Processing " + znode); > + LOG.info("Processing the children of " + znode); > children = zookeeper.getChildren(znode, false); > > for (String child : children) { > @@ -125,7 +133,7 @@ public class InterfaceDataMonitorListene > try { > Stat s = zookeeper.exists(node, false); > if (s.getDataLength() <= 0) { > - LOG.fine(node + " does not contain any discovery data"); > + //LOG.info(node + " does not contain any discovery data"); > return null; > } > byte[] data = zookeeper.getData(node, false, null); > @@ -149,10 +157,27 @@ public class InterfaceDataMonitorListene > if (bctx.getService(sref) instanceof EndpointListener) { > EndpointListener epl = > (EndpointListener)bctx.getService(sref); > > - LOG.info("calling EndpointListener; " + epl + "from > bundle " > - + sref.getBundle().getSymbolicName()); > - > - epl.endpointAdded(epd, scope); > + // return the >first< matching scope of the listener > + String[] scopes = Util.getScopes(sref); > + for (String currentScope : scopes) { > + LOG.fine("matching " + epd + " against > "+currentScope); > + Filter f = > FrameworkUtil.createFilter(currentScope); > + > + Dictionary d = new Properties(); > + Map<String, Object> props = epd.getProperties(); > + Set<Map.Entry<String, Object>> entries = > props.entrySet(); > + for (Map.Entry<String, Object> entry : entries) { > + d.put(entry.getKey(), entry.getValue()); > + } > + > + if(f.match(d)){ > + LOG.fine("MATCHED " + epd + "against > "+currentScope); > + LOG.info("calling EndpointListener; " + epl > + " from bundle " > + + > sref.getBundle().getSymbolicName() + " based on scope ["+currentScope+"]"); > + epl.endpointAdded(epd, currentScope); > + break; > + } > + } > } > } > } else if (!prevVal.equals(epd.getProperties())) { > > Modified: > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceMonitor.java > URL: > http://svn.apache.org/viewvc/cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceMonitor.java?rev=937947&r1=937946&r2=937947&view=diff > ============================================================================== > --- > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceMonitor.java > (original) > +++ > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/InterfaceMonitor.java > Mon Apr 26 07:30:42 2010 > @@ -40,12 +40,17 @@ public class InterfaceMonitor implements > private boolean closed = false; > > public InterfaceMonitor(ZooKeeper zk, String intf, > EndpointListenerTrackerCustomizer.Interest zkd, String scope, BundleContext > bctx) { > + LOG.fine("Creating new InterfaceMonitor for scope ["+scope+"] and > objectClass ["+intf+"] "); > listener = new InterfaceDataMonitorListenerImpl(zk, intf, > zkd,scope,bctx); > zookeeper = zk; > znode = Util.getZooKeeperPath(intf); > } > > - public void process() { > + public void start() { > + process(); > + } > + > + private void process() { > LOG.finest("Kicking off a zookeeper.exists() on node: " + znode); > zookeeper.exists(znode, this, this, null); > } > > Modified: > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/Util.java > URL: > http://svn.apache.org/viewvc/cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/Util.java?rev=937947&r1=937946&r2=937947&view=diff > ============================================================================== > --- > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/Util.java > (original) > +++ > cxf/dosgi/trunk/discovery/distributed/cxf-discovery/src/main/java/org/apache/cxf/dosgi/discovery/zookeeper/Util.java > Mon Apr 26 07:30:42 2010 > @@ -18,10 +18,14 @@ > */ > package org.apache.cxf.dosgi.discovery.zookeeper; > > +import java.util.ArrayList; > import java.util.Arrays; > import java.util.Collection; > import java.util.Collections; > > +import org.osgi.framework.ServiceReference; > +import org.osgi.service.remoteserviceadmin.EndpointListener; > + > public class Util { > static final String PATH_PREFIX = "/osgi/service_registry"; > > @@ -43,4 +47,44 @@ public class Util { > return PATH_PREFIX + '/' + name.replace('.', '/'); > } > > + > + static String[] getStringPlusProperty(Object property) { > + > + if (property instanceof String) { > + // System.out.println("String"); > + String[] ret = new String[1]; > + ret[0] = (String)property; > + return ret; > + } > + > + if (property instanceof String[]) { > + // System.out.println("String[]"); > + return (String[])property; > + } > + > + if (property instanceof Collection) { > + Collection col = (Collection)property; > + // System.out.println("Collection: size "+col.size()); > + String[] ret = new String[col.size()]; > + int x = 0; > + for (Object s : col) { > + ret[x] = (String)s; > + ++x; > + } > + return ret; > + } > + > + return new String[0]; > + } > + > + public static String[] getScopes(ServiceReference sref) { > + String[] scopes = > Util.getStringPlusProperty(sref.getProperty(EndpointListener.ENDPOINT_LISTENER_SCOPE)); > + ArrayList<String> normalizedScopes = new > ArrayList<String>(scopes.length); > + for (String scope : scopes) { > + if(scope!=null || "".equals(scope)) > + normalizedScopes.add(scope); > + } > + return normalizedScopes.toArray(new String[normalizedScopes.size()]); > + } > + > } > > Added: > cxf/dosgi/trunk/distribution/single-bundle/src/main/resources/OSGI-INF/permissions.perm > URL: > http://svn.apache.org/viewvc/cxf/dosgi/trunk/distribution/single-bundle/src/main/resources/OSGI-INF/permissions.perm?rev=937947&view=auto > ============================================================================== > --- > cxf/dosgi/trunk/distribution/single-bundle/src/main/resources/OSGI-INF/permissions.perm > (added) > +++ > cxf/dosgi/trunk/distribution/single-bundle/src/main/resources/OSGI-INF/permissions.perm > Mon Apr 26 07:30:42 2010 > @@ -0,0 +1,29 @@ > +# > +# Licensed to the Apache Software Foundation (ASF) under one > +# or more contributor license agreements. See the NOTICE file > +# distributed with this work for additional information > +# regarding copyright ownership. The ASF licenses this file > +# to you under the Apache License, Version 2.0 (the > +# "License"); you may not use this file except in compliance > +# with the License. You may obtain a copy of the License at > +# > +# http://www.apache.org/licenses/LICENSE-2.0 > +# > +# Unless required by applicable law or agreed to in writing, > +# software distributed under the License is distributed on an > +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > +# KIND, either express or implied. See the License for the > +# specific language governing permissions and limitations > +# under the License. > +# > + > +(java.security.AllPermission ) > + > +(org.osgi.framework.PackagePermission "*" "import") > +(org.osgi.framework.PackagePermission "*" "export") > + > +(org.osgi.framework.ServicePermission "*" "register") > +(org.osgi.framework.ServicePermission "*" "get") > + > +(org.osgi.framework.AdminPermission "*" "metadata") > +(org.osgi.framework.AdminPermission "*" "listen") > > Modified: > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ClientServiceFactory.java > URL: > http://svn.apache.org/viewvc/cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ClientServiceFactory.java?rev=937947&r1=937946&r2=937947&view=diff > ============================================================================== > --- > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ClientServiceFactory.java > (original) > +++ > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ClientServiceFactory.java > Mon Apr 26 07:30:42 2010 > @@ -18,6 +18,9 @@ > */ > package org.apache.cxf.dosgi.dsw.handlers; > > +import java.security.AccessController; > +import java.security.PrivilegedAction; > +import java.util.List; > import java.util.logging.Level; > import java.util.logging.Logger; > > @@ -51,14 +54,20 @@ public class ClientServiceFactory implem > importRegistartion = ir; > } > > - public Object getService(Bundle requestingBundle, ServiceRegistration > sreg) { > + public Object getService(final Bundle requestingBundle, final > ServiceRegistration sreg) { > String interfaceName = sd.getInterfaces() != null && > sd.getInterfaces().size() > 0 ? (String)sd > .getInterfaces().toArray()[0] : null; > + > LOG.info("************ getService() from serviceFactory for " + > interfaceName); > > try { > - Object proxy = handler.createProxy(sreg.getReference(), > dswContext, requestingBundle > - .getBundleContext(), iClass, sd); > + Object proxy = AccessController.doPrivileged(new > PrivilegedAction<Object>() { > + public Object run() { > + return handler.createProxy(sreg.getReference(), > dswContext, requestingBundle > + .getBundleContext(), > iClass, sd); > + } > + }); > + > synchronized (this) { > ++serviceCounter; > } > > Modified: > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ServiceInvocationHandler.java > URL: > http://svn.apache.org/viewvc/cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ServiceInvocationHandler.java?rev=937947&r1=937946&r2=937947&view=diff > ============================================================================== > --- > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ServiceInvocationHandler.java > (original) > +++ > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ServiceInvocationHandler.java > Mon Apr 26 07:30:42 2010 > @@ -22,6 +22,9 @@ import java.lang.reflect.InvocationHandl > import java.lang.reflect.InvocationTargetException; > import java.lang.reflect.Method; > import java.lang.reflect.Proxy; > +import java.security.AccessController; > +import java.security.PrivilegedAction; > +import java.security.PrivilegedExceptionAction; > import java.util.ArrayList; > import java.util.Arrays; > import java.util.Collection; > @@ -45,7 +48,7 @@ public class ServiceInvocationHandler im > introspectType(iType); > } > > - public Object invoke(Object proxy, Method m, Object[] params) throws > Throwable { > + public Object invoke(Object proxy, final Method m, Object[] params) > throws Throwable { > if (OBJECT_METHODS.contains(m)) { > if (m.getName().equals("equals")) { > params = new Object[] {Proxy.getInvocationHandler(params[0])}; > @@ -56,7 +59,12 @@ public class ServiceInvocationHandler im > ClassLoader oldCl = Thread.currentThread().getContextClassLoader(); > try { > > Thread.currentThread().setContextClassLoader(getClass().getClassLoader()); > - return m.invoke(serviceObject, params); > + final Object[] paramsFinal = params; > + return AccessController.doPrivileged(new > PrivilegedExceptionAction<Object>() { > + public Object run() throws Exception { > + return m.invoke(serviceObject, paramsFinal); > + } > + }); > } catch (Throwable ex) { > Throwable theCause = ex.getCause() == null ? ex : ex.getCause(); > > > Modified: > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminCore.java > URL: > http://svn.apache.org/viewvc/cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminCore.java?rev=937947&r1=937946&r2=937947&view=diff > ============================================================================== > --- > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminCore.java > (original) > +++ > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminCore.java > Mon Apr 26 07:30:42 2010 > @@ -22,16 +22,12 @@ import java.util.ArrayList; > import java.util.Collection; > import java.util.Collections; > import java.util.Dictionary; > -import java.util.Enumeration; > import java.util.HashMap; > -import java.util.HashSet; > import java.util.Hashtable; > -import java.util.Iterator; > import java.util.LinkedHashMap; > import java.util.List; > import java.util.Map; > import java.util.Properties; > -import java.util.Set; > import java.util.logging.Logger; > > import org.apache.cxf.dosgi.dsw.ClassUtils; > @@ -337,8 +333,8 @@ public class RemoteServiceAdminCore impl > /** > * Importing form here .... > */ > - public ImportRegistration importService(EndpointDescription endpoint) { > - > + public ImportRegistration importService(EndpointDescription endpoint) { > + > LOG.info("importService() Endpoint: " + endpoint.getProperties()); > > synchronized (importedServices) { > > Modified: > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminInstance.java > URL: > http://svn.apache.org/viewvc/cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminInstance.java?rev=937947&r1=937946&r2=937947&view=diff > ============================================================================== > --- > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminInstance.java > (original) > +++ > cxf/dosgi/trunk/dsw/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/service/RemoteServiceAdminInstance.java > Mon Apr 26 07:30:42 2010 > @@ -1,23 +1,26 @@ > /** > - * Licensed to the Apache Software Foundation (ASF) under one > - * or more contributor license agreements. See the NOTICE file > - * distributed with this work for additional information > - * regarding copyright ownership. The ASF licenses this file > - * to you under the Apache License, Version 2.0 (the > - * "License"); you may not use this file except in compliance > - * with the License. You may obtain a copy of the License at > - * > - * http://www.apache.org/licenses/LICENSE-2.0 > - * > - * Unless required by applicable law or agreed to in writing, > - * software distributed under the License is distributed on an > - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > - * KIND, either express or implied. See the License for the > - * specific language governing permissions and limitations > - * under the License. > - */ > + * Licensed to the Apache Software Foundation (ASF) under one > + * or more contributor license agreements. See the NOTICE file > + * distributed with this work for additional information > + * regarding copyright ownership. The ASF licenses this file > + * to you under the Apache License, Version 2.0 (the > + * "License"); you may not use this file except in compliance > + * with the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, > + * software distributed under the License is distributed on an > + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > + * KIND, either express or implied. See the License for the > + * specific language governing permissions and limitations > + * under the License. > + */ > package org.apache.cxf.dosgi.dsw.service; > > +import java.security.AccessControlContext; > +import java.security.AccessController; > +import java.security.PrivilegedAction; > import java.util.ArrayList; > import java.util.Collection; > import java.util.Collections; > @@ -25,17 +28,18 @@ import java.util.List; > import java.util.Map; > import java.util.logging.Logger; > > +import org.apache.cxf.dosgi.dsw.OsgiUtils; > import org.osgi.framework.BundleContext; > import org.osgi.framework.ServiceReference; > import org.osgi.service.remoteserviceadmin.EndpointDescription; > +import org.osgi.service.remoteserviceadmin.EndpointPermission; > import org.osgi.service.remoteserviceadmin.ExportRegistration; > import org.osgi.service.remoteserviceadmin.ImportRegistration; > import org.osgi.service.remoteserviceadmin.RemoteServiceAdmin; > > - > public class RemoteServiceAdminInstance implements RemoteServiceAdmin { > Logger LOG = Logger.getLogger(RemoteServiceAdminInstance.class.getName()); > - > + > private BundleContext bctx; > private RemoteServiceAdminCore rsaCore; > > @@ -51,38 +55,86 @@ public class RemoteServiceAdminInstance > > public List /* ExportRegistration */exportService(ServiceReference ref, > Map properties) > throws IllegalArgumentException, UnsupportedOperationException { > - if (closed) > - return Collections.EMPTY_LIST; > > - synchronized (exportedServices) { > - List er = rsaCore.exportService(ref, properties); > - if(er!=null) > - exportedServices.addAll(er); > - return er; > + SecurityManager sm = System.getSecurityManager(); > + EndpointPermission epp = new EndpointPermission("*", > EndpointPermission.EXPORT); > + > + > + if (sm != null) { > + sm.checkPermission(epp); > } > + > + > + final ServiceReference refFinal = ref; > + final Map propertiesFinal = properties; > + > + return AccessController.doPrivileged(new PrivilegedAction<List>() { > + public List run() { > + > + if (closed) > + return Collections.EMPTY_LIST; > + > + synchronized (exportedServices) { > + List er = rsaCore.exportService(refFinal, > propertiesFinal); > + if (er != null) > + exportedServices.addAll(er); > + return er; > + } > + } > + }); > } > > public Collection getExportedServices() { > + > + SecurityManager sm = System.getSecurityManager(); > + EndpointPermission epp = new EndpointPermission("*", > EndpointPermission.READ); > + if (sm != null) { > + sm.checkPermission(epp); > + } > + > if (closed) > return null; > return rsaCore.getExportedServices(); > } > > public Collection getImportedEndpoints() { > + > + SecurityManager sm = System.getSecurityManager(); > + EndpointPermission epp = new EndpointPermission("*", > EndpointPermission.READ); > + if (sm != null) { > + sm.checkPermission(epp); > + } > + > if (closed) > return null; > return rsaCore.getImportedEndpoints(); > } > > public ImportRegistration importService(EndpointDescription endpoint) { > - if (closed) > - return null; > - synchronized (importedServices) { > - ImportRegistration ir = rsaCore.importService(endpoint); > - if(ir!=null) > - importedServices.add(ir); > - return ir; > + > + final EndpointDescription epd = endpoint; > + > + SecurityManager sm = System.getSecurityManager(); > + EndpointPermission epp = new EndpointPermission(epd, > OsgiUtils.getUUID(bctx), > + > EndpointPermission.IMPORT); > + if (sm != null) { > + sm.checkPermission(epp); > } > + > + return AccessController.doPrivileged(new > PrivilegedAction<ImportRegistration>() { > + public ImportRegistration run() { > + > + if (closed) > + return null; > + > + synchronized (importedServices) { > + ImportRegistration ir = rsaCore.importService(epd); > + if (ir != null) > + importedServices.add(ir); > + return ir; > + } > + } > + }); > } > > public void close() { > @@ -91,14 +143,14 @@ public class RemoteServiceAdminInstance > synchronized (importedServices) { > LOG.info("Removing all services imported by this RSA instance"); > for (ImportRegistration ir : importedServices) { > - LOG.finest("Closing ImportRegistration "+ir); > + LOG.finest("Closing ImportRegistration " + ir); > ir.close(); > } > } > synchronized (exportedServices) { > LOG.info("Removing all services exported by this RSA instance"); > for (ExportRegistration er : exportedServices) { > - LOG.finest("Closing ExportRegistration "+er); > + LOG.finest("Closing ExportRegistration " + er); > er.close(); > } > } > > >
