This works similar to standard java policy files. In traditional J2SE you may use "signed by" statement in Java policy. In OSGi you can achieve this with conditional permission admin which requires Java Security to be enabled.
I've created an example a while ago which works with Karaf 2.x: https://github.com/splatch/osgi-cpm The policy configuration in my case was written in XML (easiest to parse & validate) https://github.com/splatch/osgi-cpm/blob/master/admin/src/main/resources/policy.xml Cheers, Łukasz Dywicki -- [email protected] Twitter: ldywicki Blog: http://dywicki.pl Code-House - http://code-house.org Wiadomość napisana przez [email protected] w dniu 11 lip 2013, o godz. 10:26: > Hi > > I already tested it with Karaf 1 and 2.2 (and directly with Felix). I didn't > try latest versions or with Karaf 2.3. > > I will take a look tomorrow (I travel today). > > I will keep you posted tomorrow. > > Regards > JB > > -- > Jean-Baptiste Onofré > [email protected] > http://blog.nanthrax.net > Talend - http://wwx.talend.com > > ----- Reply message ----- > From: "Christian Schneider" <[email protected]> > To: <[email protected]> > Subject: Requiring bundles to be signed > Date: Thu, Jul 11, 2013 9:50 am > > > Hi all, > > we have a customer requirement to only allow signed bundles in the framework. > > I have read that this should be possible: > - > http://help.eclipse.org/juno/index.jsp?topic=%2Forg.eclipse.platform.doc.isv%2Fguide%2Fbundle_security.html > - http://felix.apache.org/site/apache-felix-framework-security.html > > I am struggling though how to set it up so it actually checks signatures and > denies non trusted or missing signatures. > > Has anyone here already tried this? > > If the framework does not allow it via configuration. Is there a hook in OSGi > where I can be called when a bundle is loaded? > > Christian >
