> - In the target environments, I was trying to limit the usage of bundles
> signed by me. I have tried to have a prototype only with Felix, but although
> I have followed these instructions, no success:
>
>
> http://felix.apache.org/documentation/subprojects/apache-felix-framework-security.html
I'm not sure you followed the instructions there correctly. The
"all.policy" is the java security policy file and needs to be unchanged
(i.e., it needs to give all permission to *) - see below.
>
> I have put this content in the policy file:
>
> allow {
> [org.osgi.service.condpermadmin.BundleSignerCondition "*" ]
> (java.security.AllPermission)
> } "all_signed"
>
> java.security.policy: error parsing
> file:/C:/dev/felix-framework-5.4.0/all.policy:
> line 1: expected [;], found [allow]
> ERROR: Error creating bundle cache. (java.security.AccessControlException: access denied ("java.io.FilePermission" ".\felix-cache" "read"))
>
> Syntax seems to be fine to me; I have checked the OSGi 5 spec (50.2.5)
> policy ::= access ’{’ conditions permissions’}’ name?
> access ::= ’ALLOW’ | ’DENY’ // case insensitive
> conditions ::= ( ’[’ qname quoted-string* ’]’ )*
> permissions ::= ( ’(’ qname (quoted-string quoted-string?)? ’)’ )+
> name ::= quoted-string
>
> Have you ever seen similar exception?
>
This is the syntax for the OSGi ConditionalPermissionTuple serialization
format. You can't put that into a java security policy file. If you want to
do something similar you'd have to provide your own implementation that
reads such a policy file and uses the ConditionalPermissionAdmin to set-up
the security policies correctly. You can find (a somewhat useable but very
simple) example-implementation here:
https://github.com/mcculls/osgi-in-action/blob/master/chapter14/combined-example/org.foo.policy/src/org/foo/policy/Activator.java
It might make sense to look at the complete example too:
https://github.com/mcculls/osgi-in-action/tree/master/chapter14/combined-example
regards,
Karl
> Many thanks in advance for this great work in ACE project!!
>
>
> --
> ____________________________________
> Jorge Martin Cuervo
>
> email <[email protected]>
> ___________________________________
>
--
Karl Pauls
[email protected]
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls
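
The approach described in the reply, sketched as an added example (not code from this thread or from the linked OSGi in Action project): a policy bundle reads encoded tuples such as the `allow { ... } "all_signed"` one quoted above from its own file and installs them through ConditionalPermissionAdmin, while all.policy stays an ordinary Java policy file granting AllPermission. The package, class name, `org.example.policy.file` property and one-tuple-per-line layout are assumptions.

```java
package org.example.policy; // hypothetical package name

import java.io.BufferedReader;
import java.io.FileReader;
import java.security.AllPermission;
import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.*;
import org.osgi.service.permissionadmin.PermissionInfo;

public class PolicyActivator implements BundleActivator {
    public void start(BundleContext ctx) throws Exception {
        ServiceReference<ConditionalPermissionAdmin> ref =
            ctx.getServiceReference(ConditionalPermissionAdmin.class);
        if (ref == null) {
            throw new IllegalStateException("No ConditionalPermissionAdmin: security not enabled");
        }
        ConditionalPermissionAdmin cpa = ctx.getService(ref);
        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
        table.clear();

        // Row 1: keep this bundle fully privileged so it can still change the policy.
        // Assumes the bundle location contains no filter wildcard characters.
        table.add(cpa.newConditionalPermissionInfo("policy_manager",
            new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
                new String[] { ctx.getBundle().getLocation() }) },
            new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(), "*", "*") },
            ConditionalPermissionInfo.ALLOW));

        // Remaining rows: one encoded tuple per line (assumed layout), '#' starts a comment.
        String path = System.getProperty("org.example.policy.file", "security.policy");
        BufferedReader in = new BufferedReader(new FileReader(path));
        try {
            for (String line; (line = in.readLine()) != null; ) {
                line = line.trim();
                if (line.length() > 0 && !line.startsWith("#")) {
                    table.add(cpa.newConditionalPermissionInfo(line)); // throws on bad syntax
                }
            }
        } finally {
            in.close();
        }
        // Nothing takes effect until commit(); a parse error above leaves the old table intact.
        if (!update.commit()) {
            throw new IllegalStateException("Permission table changed concurrently; retry");
        }
    }

    public void stop(BundleContext ctx) { }
}
```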