The spec, in 9.10, explains the relation between CPA and PA, and
states "The default conditions of Permission Admin are therefore never
used when Conditional Permission Admin is present." (last sentence of
next to last paragraph).
From your explanation below I get the impression that default
conditions still have an influence.
In short my interpretation, when CPA and PA are present, is that:
- PA's default permissions get ignored completely
- PA's location bound permissions, if present, should be used (in
which case, the CPA is completely ignored)
- CPA's permissions should be used in all other cases.
What do you think?
Greetings, Marcel
On Feb 7, 2008, at 15:26 , Thomas Watson wrote:
Equinox does not have a way to run with ConditionalPermissionAdmin
but without PermissionAdmin. But you can get equivalent behavior by
setting the default permissions in PermissionAdmin to an empty array
(i.e. permAdmin.setDefaultPermissions(new PermissionInfo[0])). If
you don't do this then the "default default" permissions for
permission admin is AllPermissions.
This will allow you to control all the permissions with
ConditionalPermissionAdmin and the permission checks will not fall
back to the default permissions in PermissionAdmin.
Tom
<graycol.gif>Marcel Offermans ---02/07/2008 06:20:22 AM---The OSGi
security model started out with the Permission Admin service.
<ecblank.gif>
From: <ecblank.gif>
Marcel Offermans <[EMAIL PROTECTED]>
<ecblank.gif>
To: <ecblank.gif>
Equinox development mailing list <equinox-dev@eclipse.org>
<ecblank.gif>
Date: <ecblank.gif>
02/07/2008 06:20 AM
<ecblank.gif>
Subject: <ecblank.gif>
[equinox-dev] Support for launching with just (Conditional)
Permission Admin?
The OSGi security model started out with the Permission Admin service.
Lateron, the Conditional Permission Admin was added. Frameworks are
allowed to publish:
- none of these services (the default, no security is active);
- just Permission Admin (the "older" model);
- just Conditional Permission Admin (encouraged, the "new way" to do
it);
- both Permission Admin and Conditional Permission Admin (most
compatible option, with some special restrictions).
My question: I can run both without and with both services published,
but does equinox also allow me to run with just PermissionAdmin or
ConditionalPermissionAdmin? If so, how?
_______________________________________________
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev