CONTEXT: We are currently developing a thick client framework using OSGi.
Although the basic implementation is done, we are now facing a lot of
problems in providing security to the framework.
I have a Bootstrap.java class that has Felix.jar in its classpath. It
launches felix using Felix.start() with an initial set of startup bundles
configured in it. These startup bundles include:
1 bundle repository(OBR)
2. permission admin(trialog implementation)
3. permission manager( i am consuming the permadmin service and set some
permissions for the bundles )
4. application manager ( this exposes appManager service; which in turn
consumes the repository admin service provided by the OBR bundle, and when
given Bundle B1 as input, will deploy B1, B2 and B3 in the runtime because
they are dependent bundles. ) There are some other things appManager service
does, so we cant use repoadmin directly.
FLOW: For navigation between the thick clent screens, we consume the
appManager service, with the startup bundle required for the next screen.
This in turn loads all the required bundles and show me the next screen.
WHAT I WANT: I want to provide certain preset permissions to all the bundles
in my framework, with a default set of permissions specified.
PROBLEM: In the bootstrap class I instantiate a security manager and give it
a policy file. The policy file has the following entries:
grant codeBase
"file:/E:/osgi/FelixLocalRepository/kernel/csp-gui-bootstrap/1.0.0/csp-gui-bootstrap-1.0.0.jar"
{
permission java.security.AllPermission;
};
grant codeBase
"file:/E:/osgi/FelixLocalRepository/kernel/felix/1.0.4/felix-1.0.4.jar" {
permission java.security.AllPermission;
};
This works fine. But when the framework starts I want the permission manager
to take over. This is what we set:
permAdmin.setPermissions(
"file:/E:/osgi/FelixLocalRepository/kernel/felix/1.0.4/felix-1.0.4.jar",
new PermissionInfo[]{new PermissionInfo(FilePermission.class.getName(), "*",
"read,write,delete")});
permAdmin.setPermissions("file:/E:/osgi/FelixLocalRepository/kernel/csp-gui-bootstrap/1.0.0/csp-gui-bootstrap-1.0.0.jar",
new PermissionInfo[]{new PermissionInfo(FilePermission.class.getName(), "*",
"read,write,delete")});
permAdmin.setDefaultPermissions(
new PermissionInfo[] { new PermissionInfo(FilePermission.class.getName(),
"*", "read,write,delete")});
Without the first 2 entries, felix does not start, even though i mentioned
it in policy file of the csp-gui-bootstrap.jar.
I am purposely, not granting enough permissions with the
setDefaultPermissions(), so that the other bundles fail to start. But to my
surprise, everything starts fine. How is this possible?
If I was unable to give a clear picture of the scenario, plz ask me specific
questions.
Awaiting reply.
Krish.
--
View this message in context:
http://www.nabble.com/Adding-permissions-in-Felix-tp20264359p20264359.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
