Thanks for your prompt reply. So the best practice is to have a management agent set of bundles maintaining policy information and responsible for managing the other bundles, which is great.!
Regarding the other question, pardon me but I am not able to understand the term "super user" . Are you referring to the management bundle here.? Also let us say I export a service instead of a package, then is it possible for a separate management agent to enforce that only a particular bundle B can consume my service. Are the security conditions and permissions different for a service and package. Thanks, Srijith. >>> BJ Hargrave <[EMAIL PROTECTED]> 04/15/08 7:34 PM >>> In general, the management of permission is best done by a management agent: a bundle (or set of bundles) tasked with managing the set of installed bundles including the security policy. Enforcing permissions of course means that a SecurityManager is installed. In order to modify the permissions on CPA, the caller must have AllPermission. So, in your example, bundle A would need AllPermission to modify the permissions so that only bundle B can import a specific package. Bundle A is then a "super user" which seems wrong. -- BJ Hargrave Senior Technical Staff Member, IBM OSGi Fellow and CTO of the OSGi Alliance ( http://www.osgi.org/ ) [EMAIL PROTECTED] office: +1 386 848 1781 mobile: +1 386 848 3788 From: "Srijith Kochunni" <[EMAIL PROTECTED]> To: <[email protected]> Date: 2008/04/15 07:03 AM Subject: [equinox-dev] Granting permissions for usage of Bundle Hi All, I have a bundle(A) from which I am exporting a package. I want to ensure that this package can be imported only by another particular bundle(B) in the OSGi runtime. Have been reading the spec about Conditional Permission Admin Service and Permission Admin Service, but am finding it difficult to understand whether they do provide such a facility and if so how it can be achieved using these core services. Again I do not want to use a separate Management Agent bundle to enforce this scenario, unless there is no other option. It would be better if I could achieve this by writing code in my consumed bundle alone. Any links to examples for using Permission Admin Service / Conditional Permission Service would also be helpful. Thanks, Srijith. _______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
