Hi, It's possible at service level by using Karaf ACL.
Regards JB On Fri, Sep 2, 2022 at 9:51 PM frm <[email protected]> wrote: > > Thanks for the answer. > > > > Is it solvable by the Java Security Framework, restricting access to elements > in a bunble? > > > > Van: Grzegorz Grzybek <[email protected]> > Verzonden: vrijdag 2 september 2022 20:21 > Aan: [email protected] > Onderwerp: Re: Isolation in Karaf/OSGI > > > > Hello > > > > pt., 2 wrz 2022 o 19:15 frm <[email protected]> napisał(a): > > Hi, > > My question is about the isolation between bundles. > I understand that one bundle can monopolize the processor and the memory, and > in that sense one can not speak of strict isolation. > > > > Sure - and bundle can't give you any isolation in this regard. CPU can be > monopolized by a thread (many threads) started by any bundle. Same for memory > and nasty allocation. > > > > > However, is it possible that bundle B calls a function in bundle A that is > NOT exported by bundle A, e.g. by means of reflection? > > > > Yes, it is possible - it's a matter of grabbing an instance of an object - > you can get it at lowest level by instantiating a class from bundle A using > code from bundle B. All you need is reflection, class name and classloader - > the classloader can be obtained for any bundle. > > > > In other words: can I safely assume that a function in bundle B can ONLY call > functions in bundle A that are exported. > > I take here a security perspective on the notion of isolation. > > > > No, you can't assume that. > > > > kind regards > > Grzegorz Grzybek > > > > > > Thanks for your answer, > > Best, > > -- Jaap
