Thanks Karl, looks like I have completely misunderstood the java policy content. I am going to have a look to the resources you sent.
On Thu, Jun 16, 2016 at 3:58 PM, Karl Pauls <[email protected]> wrote: > > - In the target environments, I was trying to limit the usage of bundles > > signed by me. I have tried to have a prototype only with Felix but > despite > > I have followed these instructions, no success: > > > > > > > http://felix.apache.org/documentation/subprojects/apache-felix-framework-security.html > > > I'm not sure you followed the instructions there correctly. The > "all.policy" is the java security policy file and needs to be unchanged > (ie., it needs to give all permission to *) - see below. > > > > > > I have put this content in the policy file: > > > > allow { > > [org.osgi.service.condpermadmin.BundleSignerCondition "*" ] > > (java.security.AllPermission) > > } "all_signed" > > > > java.security.policy: error parsing > > file:/C:/dev/felix-framework-5.4.0/all.policy: > > line 1: expected [;], found [allow] > > ERROR: Error creating bundle cache. > (java.security.AccessControlException: > > acces > > s denied ("java.io.FilePermission" ".\felix-cache" "read")) > > > > Syntax seem to be fine to me, I have check the OSGi 5 spec (50.2.5) > > policy ::= access ’{’ conditions permissions’}’ name? > > access ::= ’ALLOW’ | ’DENY’ // case insensitive > > conditions ::= ( ’[’ qname quoted-string* ’]’ )* > > permissions ::= ( ’(’ qname (quoted-string > > quoted-string?)? ’)’ )+ > > name ::= quoted-string > > > > Have you ever seen similar exception? > > > > This is the syntax for the OSGi ConditionalPermissionTuple serialization > format. You can't put that into a java security policy file. If you want to > do something similar you'd have to provider your own implementation that > reads such a policy file and uses the ConditionalPermissionAdmin to set-up > the security policies correctly. You can find (a somewhat useable but very > simple) example-implementation here: > > > https://github.com/mcculls/osgi-in-action/blob/master/chapter14/combined-example/org.foo.policy/src/org/foo/policy/Activator.java > > It might make sense to look at the complete example too: > > > https://github.com/mcculls/osgi-in-action/tree/master/chapter14/combined-example > > > regards, > > Karl > > > > > > Many thanks in advance for this great work in ACE project!! > > > > > > -- > > ____________________________________ > > Jorge Martin Cuervo > > > > email <[email protected]> > > ___________________________________ > > > > > > -- > Karl Pauls > [email protected] > http://twitter.com/karlpauls > http://www.linkedin.com/in/karlpauls > https://profiles.google.com/karlpauls > -- ____________________________________ Jorge Martin Cuervo email <[email protected]> ____________________________________
