John Wells (Aziz)
[EMAIL PROTECTED]
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Srijith Kochunni
Sent: Wednesday, April 16, 2008 4:48 AM
To: Equinox development mailing list
Subject: Re: [equinox-dev] Granting permissions for usage of
Bundle
Thanks for your prompt reply. So the best practice is to have a
management agent set of bundles maintaining policy information and
responsible for managing the other bundles, which is great.!
Regarding the other question, pardon me but I am not able to
understand the term "super user" . Are you referring to the management
bundle here.?
[jwells] Yes, I think that is what he's saying. Basically he's
saying that the management bundle, since it must have AllPermission, is
like a superuser in that it is not restricted from any operation.
Also let us say I export a service instead of a package, then
is it possible for a separate management agent to enforce that only a
particular bundle B can consume my service. Are the security conditions
and permissions different for a service and package.
[jwells] Yes, there is both a ServicePermission and a
PackagePermission and they are different things!
Thanks,
Srijith.
>>> BJ Hargrave <[EMAIL PROTECTED]> 04/15/08 7:34 PM >>>
In general, the management of permission is best done by a
management agent: a bundle (or set of bundles) tasked with managing the
set of installed bundles including the security policy. Enforcing
permissions of course means that a SecurityManager is installed.
In order to modify the permissions on CPA, the caller must have
AllPermission. So, in your example, bundle A would need AllPermission to
modify the permissions so that only bundle B can import a specific
package. Bundle A is then a "super user" which seems wrong.
--
BJ Hargrave
Senior Technical Staff Member, IBM
OSGi Fellow and CTO of the OSGi Alliance <http://www.osgi.org/>
[EMAIL PROTECTED]
office: +1 386 848 1781
mobile: +1 386 848 3788
From:
"Srijith Kochunni" <[EMAIL PROTECTED]>
To:
<[email protected]>
Date:
2008/04/15 07:03 AM
Subject:
[equinox-dev] Granting permissions for usage of Bundle
________________________________
Hi All,
I have a bundle(A) from which I am exporting a package.
I want to ensure that this package can be imported only by another
particular bundle(B) in the OSGi runtime. Have been reading the spec
about Conditional Permission Admin Service and Permission Admin Service,
but am finding it difficult to understand whether they do provide such a
facility and if so how it can be achieved using these core services.
Again I do not want to use a separate Management Agent
bundle to enforce this scenario, unless there is no other option. It
would be better if I could achieve this by writing code in my consumed
bundle alone. Any links to examples for using Permission Admin Service /
Conditional Permission Service would also be helpful.
Thanks,
Srijith. _______________________________________________
equinox-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/equinox-dev
Notice: This email message, together with any attachments, may contain
information of BEA Systems, Inc., its subsidiaries and affiliated
entities, that may be confidential, proprietary, copyrighted and/or legally
privileged, and is intended solely for the use of the individual or entity
named in this message. If you are not the intended recipient, and have received
this message in error, please immediately return this by email and then delete
it._______________________________________________
equinox-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/equinox-dev
