Subsystem-scope: some prototype work for java security
------------------------------------------------------
Key: ARIES-497
URL: https://issues.apache.org/jira/browse/ARIES-497
Project: Aries
Issue Type: Improvement
Components: Subsystem
Reporter: Lin Sun
Assignee: Lin Sun
Priority: Minor
I have done some prototype work for subsystem with java security. The idea
is when security manager is turned on, we want to allow the subsystem to have
some sort of default permissions (default allows and denys).

I haven't really gotten the piece of work working but I thought I should check
in what I have. Here is what it is able to do:

1. added default allows and denys for scope when each scope is created.
If the scope provides its own permission file, this file needs to be read.
(TBD).

2. added itests for these. Unfortunately itests are not passing yet, but I was
able to turn on security w/ equinox and run through the itests. The itests
currently fail when scopeUpdateImpl is trying to register the scopeadmin
service in the service registry but doesn't have permission to do so. It seems
I am not configuring the permission correctly for the subsystem.scope.impl
bundle. I thought I should check in what I have for now. The tests of
course pass when security is off.

<error message="access denied (org.osgi.framework.ServicePermission org.apache.aries.subsystem.scope.ScopeAdmin register)" type="java.security.AccessControlException">java.security.AccessControlException: access denied (org.osgi.framework.ServicePermission org.apache.aries.subsystem.scope.ScopeAdmin register)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
    at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88)
    at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186)
    at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.checkRegisterServicePermission(ServiceRegistry.java:1021)
    at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:200)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:429)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:447)
    at org.apache.aries.subsystem.scope.impl.ScopeUpdateImpl.commit(ScopeUpdateImpl.java:164)
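
Added example, not part of the original report and not Aries code: one way to grant the ServicePermission named in the exception above through the standard OSGi ConditionalPermissionAdmin service. The class name, the row name "scope-impl-register" and the bundle location pattern are assumptions made for illustration; the permission name and action are taken from the error message.

```java
import java.util.List;

import org.osgi.framework.BundleContext;
import org.osgi.framework.ServicePermission;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.BundleLocationCondition;
import org.osgi.service.condpermadmin.ConditionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;
import org.osgi.service.permissionadmin.PermissionInfo;

/** Hypothetical helper; run it from a bundle that holds AllPermission. */
public final class ScopeAdminPermissionSetup {

    // Assumption: a location pattern that matches the subsystem.scope.impl bundle.
    static final String IMPL_LOCATION = "*subsystem.scope.impl*";

    // Service name and action exactly as reported in the AccessControlException.
    static final String SCOPE_ADMIN = "org.apache.aries.subsystem.scope.ScopeAdmin";

    /** Adds an ALLOW row for the register action; returns true if the update was committed. */
    @SuppressWarnings({ "rawtypes", "unchecked" })
    public static boolean grantRegister(BundleContext ctx) {
        ServiceReference ref = ctx.getServiceReference(ConditionalPermissionAdmin.class.getName());
        if (ref == null) {
            return false; // framework started without Conditional Permission Admin
        }
        ConditionalPermissionAdmin cpa = (ConditionalPermissionAdmin) ctx.getService(ref);
        try {
            ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
            List rows = update.getConditionalPermissionInfos();
            // Who: bundles whose location matches the pattern.
            ConditionInfo[] who = { new ConditionInfo(
                    BundleLocationCondition.class.getName(), new String[] { IMPL_LOCATION }) };
            // What: permission to register the ScopeAdmin service, nothing broader.
            PermissionInfo[] what = { new PermissionInfo(
                    ServicePermission.class.getName(), SCOPE_ADMIN, ServicePermission.REGISTER) };
            // Rows are evaluated in order, so insert ahead of any later DENY row.
            rows.add(0, cpa.newConditionalPermissionInfo(
                    "scope-impl-register", who, what, ConditionalPermissionInfo.ALLOW));
            return update.commit(); // false if the table changed concurrently
        } finally {
            ctx.ungetService(ref);
        }
    }
}
```

The permission check covers every bundle on the call stack, so a bundle that calls into commit() needs the same grant unless the registration is wrapped in AccessController.doPrivileged.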