[
https://issues.apache.org/jira/browse/FELIX-3163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13128718#comment-13128718
]
Karl Pauls commented on FELIX-3163:
-----------------------------------
This is where you are wrong. If you assigned some permission there is no
default allpermission for the rest. They get no permission from that point on
(btw., you don't need to give the system bundle allpermission - the system
bundle has allpermission no matter what). Typically, the first thing you want
to do is to give allpermission to your policy bundle (otherwise, it can't
change the permission table anymore). Next, you want to create a rule for your
trusted bundles. What you base that on depends on your situation. A typical
example is a certain location prefix (like file:/trusted/* or
https://my.domain.com/bundles/* or something) or signing all trusted bundles
with a given certificate and use the BundleSignerCondition to give them
allpermission. After that, you can start to selectively give permissions to
3rd-party bundles...
> Failed in use ConditionalPermissionAdmin
> ----------------------------------------
>
> Key: FELIX-3163
> URL: https://issues.apache.org/jira/browse/FELIX-3163
> Project: Felix
> Issue Type: Bug
> Components: Framework Security
> Affects Versions: framework-4.0.0, framework.security-2.0.0
> Reporter: Yanni Yan
> Original Estimate: 5h
> Remaining Estimate: 5h
>
> I test ConditionalPermissionAdmin as follow:
> private void setLocalCPA() throws Exception {
> ServiceReference<?> srf =
> context.getServiceReference(ConditionalPermissionAdmin.class.getName());
> if (null == srf){
> throw new BundleException("Not found service: " +
> ConditionalPermissionAdmin.class.getName());
> }
>
> ConditionalPermissionAdmin cpa =
> (ConditionalPermissionAdmin)context.getService(srf);
> if (null == cpa){
> throw new BundleException("Failed to get service :" +
> ConditionalPermissionAdmin.class.getName());
> }
>
> ConditionalPermissionUpdate cpu =
> cpa.newConditionalPermissionUpdate();
> // clear all exist permissions
> cpu.getConditionalPermissionInfos().clear();
>
> // assign all permission to all bundles
> ConditionalPermissionInfo cpi =
> cpa.newConditionalPermissionInfo(null, new ConditionInfo[]{
> new
> ConditionInfo(BundleLocationCondition.class.getName(),new String[]
> {context.getBundle(0).getLocation()})
> }, new PermissionInfo[]{
> new
> PermissionInfo(AllPermission.class.getName(), "*", "*")
> }, ConditionalPermissionInfo.ALLOW);
> cpu.getConditionalPermissionInfos().add(cpi);
> // deny FilePermission to current bundle
>
> cpu.commit();
> }
> After my bundle start, felix hunged. I restart felix, felix print as follow:
> D:\Workspace\Felix>java -Djava.security.policy=all.policy -Dorg.osgi.fr
> amework.security=osgi -jar bin/felix.jar
> ERROR: Bundle org.apache.felix.bundlerepository [1] Error starting
> file:/D:/Work
> space/UniAgent/Felix/bundle/org.apache.felix.bundlerepository-1.6.6.jar
> (org.osg
> i.framework.BundleException: Unresolved constraint in bundle
> org.apache.felix.bu
> ndlerepository [1]: Unable to resolve 1.0: missing requirement [1.0]
> osgi.wiring
> .package;
> (&(osgi.wiring.package=org.osgi.framework)(version>=1.4.0)(!(version>=
> 2.0.0))))
> org.osgi.framework.BundleException: Unresolved constraint in bundle
> org.apache.f
> elix.bundlerepository [1]: Unable to resolve 1.0: missing requirement [1.0]
> osgi
> .wiring.package;
> (&(osgi.wiring.package=org.osgi.framework)(version>=1.4.0)(!(ve
> rsion>=2.0.0)))
> at
> org.apache.felix.framework.Felix.resolveBundleRevision(Felix.java:381
> 8)
> at org.apache.felix.framework.Felix.startBundle(Felix.java:1868)
> at
> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1191)
> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStart
> LevelImpl.java:295)
> at java.lang.Thread.run(Unknown Source)
> ERROR: Bundle org.apache.felix.gogo.command [3] Error starting
> file:/D:/Workspac
> e/UniAgent/Felix/bundle/org.apache.felix.gogo.command-0.12.0.jar
> (org.osgi.frame
> work.BundleException: Unresolved constraint in bundle
> org.apache.felix.gogo.comm
> and [3]: Unable to resolve 3.0: missing requirement [3.0]
> osgi.wiring.package; (
> &(osgi.wiring.package=org.apache.felix.service.command)(status=provisional)(vers
> ion>=0.10.0)(!(version>=1.0.0))))
> org.osgi.framework.BundleException: Unresolved constraint in bundle
> org.apache.f
> elix.gogo.command [3]: Unable to resolve 3.0: missing requirement [3.0]
> osgi.wir
> ing.package;
> (&(osgi.wiring.package=org.apache.felix.service.command)(status=pro
> visional)(version>=0.10.0)(!(version>=1.0.0)))
> at
> org.apache.felix.framework.Felix.resolveBundleRevision(Felix.java:381
> 8)
> at org.apache.felix.framework.Felix.startBundle(Felix.java:1868)
> at
> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1191)
> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStart
> LevelImpl.java:295)
> at java.lang.Thread.run(Unknown Source)
> ERROR: Bundle org.apache.felix.gogo.runtime [4] Error starting
> file:/D:/Workspac
> e/UniAgent/Felix/bundle/org.apache.felix.gogo.runtime-0.10.0.jar
> (org.osgi.frame
> work.BundleException: Unresolved constraint in bundle
> org.apache.felix.gogo.runt
> ime [4]: Unable to resolve 4.0: missing requirement [4.0]
> osgi.wiring.package; (
> osgi.wiring.package=org.osgi.framework))
> org.osgi.framework.BundleException: Unresolved constraint in bundle
> org.apache.f
> elix.gogo.runtime [4]: Unable to resolve 4.0: missing requirement [4.0]
> osgi.wir
> ing.package; (osgi.wiring.package=org.osgi.framework)
> at
> org.apache.felix.framework.Felix.resolveBundleRevision(Felix.java:381
> 8)
> at org.apache.felix.framework.Felix.startBundle(Felix.java:1868)
> at
> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1191)
> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStart
> LevelImpl.java:295)
> at java.lang.Thread.run(Unknown Source)
> ERROR: Bundle org.apache.felix.gogo.shell [5] Error starting
> file:/D:/Workspace/
> UniAgent/Felix/bundle/org.apache.felix.gogo.shell-0.10.0.jar
> (org.osgi.framework
> .BundleException: Unresolved constraint in bundle org.apache.felix.gogo.shell
> [5
> ]: Unable to resolve 5.0: missing requirement [5.0] osgi.wiring.package;
> (&(osgi
> .wiring.package=org.apache.felix.service.command)(status=provisional)(version>=0
> .10.0)))
> org.osgi.framework.BundleException: Unresolved constraint in bundle
> org.apache.f
> elix.gogo.shell [5]: Unable to resolve 5.0: missing requirement [5.0]
> osgi.wirin
> g.package;
> (&(osgi.wiring.package=org.apache.felix.service.command)(status=provi
> sional)(version>=0.10.0))
> at
> org.apache.felix.framework.Felix.resolveBundleRevision(Felix.java:381
> 8)
> at org.apache.felix.framework.Felix.startBundle(Felix.java:1868)
> at
> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1191)
> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStart
> LevelImpl.java:295)
> at java.lang.Thread.run(Unknown Source)
> ERROR: Bundle First [7] Error starting file:plugins/First_1.0.0.0.jar
> (org.osgi.
> framework.BundleException: Unresolved constraint in bundle First [7]: Unable
> to
> resolve 7.0: missing requirement [7.0] osgi.wiring.package;
> (&(osgi.wiring.packa
> ge=org.osgi.framework)(version>=1.3.0)))
> org.osgi.framework.BundleException: Unresolved constraint in bundle First
> [7]: U
> nable to resolve 7.0: missing requirement [7.0] osgi.wiring.package;
> (&(osgi.wir
> ing.package=org.osgi.framework)(version>=1.3.0))
> at
> org.apache.felix.framework.Felix.resolveBundleRevision(Felix.java:381
> 8)
> at org.apache.felix.framework.Felix.startBundle(Felix.java:1868)
> at
> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1191)
> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStart
> LevelImpl.java:295)
> at java.lang.Thread.run(Unknown Source)
> I didn't know what happend. Please help me.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
