jersey
  1. jersey
  2. JERSEY-1874

osgi-http-service example from jersey 2.0 does not work with Felix HTTP Service (jetty) & Grizzly HTTP service

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1
    • Component/s: osgi
    • Labels:
      None

      Description

      This is a followup on the OSGi http service issue with Jersey as described in the following link: http://www.java.net/forum/topic/glassfish/glassfish/about-jersey-osgi-http-service-sample-glassfish

      The summary of the issue is that osgi-http-service example from jersey 2.0 does not work with Felix HTTP Service (jetty) & Grizzly HTTP service. However it works with pax-web HTTP service used by the functional test. The workaround to resolve the issue is to set the thread context classloader. Please see rawRegisterServlets() method in the following link:

      https://github.com/tangyong/glassfish-obr-builder/blob/master/src/main/java/org/glassfish/obrbuilder/ObrBuilderActivator.java

      For some reason pax-web http service is doing this automatically and other services do not. Not sure, if this issue can be handled within Jersey or should be an issue that HTTP service implementations should handle. What do you think ? Anyway, we were able to avoid this issue by using ResourceConfig to initialize the ServletContainer with preloaded Application class (see below).

      ResourceConfig config = ResourceConfig.forApplication(new HelloApplication());
      httpService.registerServlet("/hellojaxrs", new ServletContainer(config), null, null);
      

      Using this method, things work OK while running without security enabled. However when security is enabled, we notice that ServletContainer is expecting application registering the servlet to have several permissions like the following

      ( java.lang.RuntimePermission "accessDeclaredMembers" "")
      ( java.lang.RuntimePermission "getClassLoader" "")
      ( java.util.PropertyPermission "*" "read")
      

      Once I add these permissions to the application codebase then it works fine.

      Please note that we are see using OSGi ConditionalPermissionService, which is setup to provide full permission to Jersey & limited permission to application. We are able to run most of our stack (including JDBC) with this restricted sandbox. Is this an issue that is addressable in Jersey implementation (with appropriate doPriv blocks) ?

      One of the stacktraces is pasted below for your reference.

      java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
      	at java.security.AccessControlContext.checkPermission(Unknown Source)
      	at java.security.AccessController.checkPermission(Unknown Source)
      	at java.lang.SecurityManager.checkPermission(Unknown Source)
      	at java.lang.SecurityManager.checkMemberAccess(Unknown Source)
      	at java.lang.Class.checkMemberAccess(Unknown Source)
      	at java.lang.Class.getDeclaredMethods(Unknown Source)
      	at org.glassfish.hk2.api.AnnotationLiteral.getMembers(AnnotationLiteral.java:93)
      	at org.glassfish.hk2.api.AnnotationLiteral.hashCode(AnnotationLiteral.java:216)
      	at java.util.HashMap.hash(Unknown Source)
      	at java.util.HashMap.put(Unknown Source)
      	at java.util.HashSet.add(Unknown Source)
      	at org.jvnet.hk2.internal.Utilities.getThreeThirtyDescriptor(Utilities.java:1012)
      	at org.jvnet.hk2.external.generator.ServiceLocatorGeneratorImpl.initialize(ServiceLocatorGeneratorImpl.java:74)
      	at org.jvnet.hk2.external.generator.ServiceLocatorGeneratorImpl.create(ServiceLocatorGeneratorImpl.java:96)
      	at org.glassfish.hk2.internal.ServiceLocatorFactoryImpl.internalCreate(ServiceLocatorFactoryImpl.java:230)
      	at org.glassfish.hk2.internal.ServiceLocatorFactoryImpl.create(ServiceLocatorFactoryImpl.java:202)
      	at org.glassfish.jersey.internal.inject.Injections._createLocator(Injections.java:142)
      	at org.glassfish.jersey.internal.inject.Injections.createLocator(Injections.java:137)
      	at org.glassfish.jersey.server.ApplicationHandler.<init>(ApplicationHandler.java:255)
      	at org.glassfish.jersey.servlet.WebComponent.<init>(WebComponent.java:274)
      	at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:167)
      	at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:349)
      	at javax.servlet.GenericServlet.init(GenericServlet.java:241)
      	at org.apache.felix.http.base.internal.handler.ServletHandler.init(ServletHandler.java:55)
      	at org.apache.felix.http.base.internal.handler.HandlerRegistry.addServlet(HandlerRegistry.java:65)
      	at org.apache.felix.http.base.internal.service.HttpServiceImpl.registerServlet(HttpServiceImpl.java:95)
      	at com.oracle.jes.samples.osgi.hellojaxrs.HelloJaxRsActivator.register(HelloJaxRsActivator.java:56)
      

        Issue Links

          Activity

          Hide
          jwells added a comment -

          The underlying HK2 issue has been fixed. If you find other paths that do not have doPriv please open other JIRA's, thanks!

          Show
          jwells added a comment - The underlying HK2 issue has been fixed. If you find other paths that do not have doPriv please open other JIRA's, thanks!

            People

            • Assignee:
              Jakub Podlesak
              Reporter:
              Marek Potociar
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 6 hours
                6h
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour Time Not Required
                1h