I have mislead you on the service permission. Keep in mind that a service permission is checked at runtime only and NOT at resolve time. Say Bundle X registers service Foo. At runtime, bundle X must have the proper ServicePermission or a security exception will be thrown when bundle X tries to register the Foo service. Service dependencies are do not influence if a bundle can be resolved or not and therefore service permissions are not checked at resolve time.
What I think you mean is that bundle X is not allowed to start if it is not granted the proper service permission. This is likely because the BundleActivator.start method for Bundle X is attempting to register the service Foo and this causes a SecurityException at start. Starting a bundle is a separate lifecycle operation from resolving a bundle. So in this case bundle X is allowed to resolve even though it is not granted the ServicePermission to do so. Tom |------------> | From: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Ali Naddaf <[email protected]> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | To: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Equinox development mailing list <[email protected]> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Cc: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Thomas Watson/Austin/IBM@IBMUS | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Date: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |03/21/2011 11:22 AM | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Subject: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Re: [equinox-dev] A few questions on ConditionalPermissionAdmin | >--------------------------------------------------------------------------------------------------------------------------------------------------| Thank you Tom for your explanation. Although the behavior in 1 is still a bit strange for me (since, for example, if the very same bundle exports a service without having the permission to, it fails to resolve but on the same account, all its constraints are satisfied, in other words, in terms of exporting a package or a service, seem to be somewhat similar to each other but we have two different behaviors), I am fine since now I know what is going on and can move on. On the item 3, I will open an enhancement request. Ali. On 3/21/2011 10:39 AM, Thomas Watson wrote: 1. In the case where the bundle does not have the proper export permission: The bundle is allowed to resolve because its own constraints have been satisfied. This allows the bundle to activate since it can resolve. The fact that the bundle is not actually allowed to export something does not prevent it from being able to resolve. 2. and 3. I am not aware of any graphical tools to do this. Although 3. could be in the realm of PDE since this is editing the content of a bundle. You should consider opening a bug against PDE->UI for this (https://bugs.eclipse.org/bugs/enter_bug.cgi?product=PDE) Tom Inactive hide details for Ali Naddaf ---03/21/2011 09:54:04 AM---Hello everyone.Ali Naddaf ---03/21/2011 09:54:04 AM---Hello everyone. From: Ali Naddaf <[email protected]> To: Equinox development mailing list <[email protected]> Date: 03/21/2011 09:54 AM Subject: [equinox-dev] A few questions on ConditionalPermissionAdmin Hello everyone. I recently started playing with the ConditionalPermissionAdmin and local permissions in Equinox. Here are a few questions I ran into: 1. As a simple test, I wrote a trivial bundle that does nothing except exporting a package. I noticed that if I do not explicitly state the PackageAdmin permission for the exported package, still my bundle comes up without any issue. To make sure I was setting things up correctly, I also tried to export a service from the same bundle without giving the ServicePermission in my local permissions and that failed so the setup seems to be right but for some reason, even though I have the Export clause in my manifest and no PackagePermission in my local permissions, still the bundle comes up fine. In other words, commenting or uncommenting the following line in my permissions.perm didn't make any difference : # ( org.osgi.framework.PackagePermission "com.acme.osgi.client1" "IMPORT,EXPORT" ) # com.acme.osgi.client1 is the package that I was exporting 2. Is there a graphical tool that can inspect a bundle for its local permissions, so that an operator can use that to see what sort of permissions are being requested? I know it is easy to open a jar file and look at the permissions.perm there but it seems like something that may already have a tool done by someone. 3. Is there a graphical interface (even as an eclipse plugin or so) to help developers create their local permissions in the permissions.perm? It is easy to make a syntax error there, so again it sounds to me like something that can benefit from a more graphically oriented tool. Many thanks Ali. _______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev _______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev _______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
<<inline: graycol.gif>>
<<inline: ecblank.gif>>
_______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
