Dear Hasan, dear all,

here is a permission file which I used some time ago. You need to adapt it
to your own configuration, and probably to update it to match the current
state of the Felix implementation:

grant codeBase "file:$FELIX_HOME/-" {
    permission java.util.PropertyPermission "*", "read,write";
    permission java.io.FilePermission "$FELIX_HOME/main/conf/*", "read";
    permission java.io.FilePermission "$USER_HOME/-", "read,write,delete";
    permission java.io.FilePermission "bundle.lastmodified", "read";
    permission java.io.FilePermission "bundle/*", "read";
    permission java.net.NetPermission "specifyStreamHandler";
    permission java.net.SocketPermission "*", "resolve, connect";
    permission java.lang.RuntimePermission "createSecurityManager";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission org.osgi.framework.AdminPermission "*", "lifecycle";
    permission org.osgi.framework.AdminPermission "*", "metadata";
    permission org.osgi.framework.AdminPermission "*", "listener";
    permission org.osgi.framework.AdminPermission "*", "execute";
    permission org.osgi.framework.PackagePermission "*", "export";
    permission org.osgi.framework.ServicePermission "*", "register, get";
};

When reading the file, I wonder why the PackagePermission is set to
'export' only, and does not include 'import'. If you get errors, you should
simply add it.

best regards,
Pierre
--
==============================================================
Pierre Parrend
Software Engineering (SE)
Tel: +49 721 9654 - 620
Fax: +49 721 9654 - 623
E-Mail: [EMAIL PROTECTED]
==============================================================
-----Original Message-----
From: Hasan [mailto:[EMAIL PROTECTED]
Sent: Wed 11/19/2008 11:36 AM
To: [email protected]
Subject: Re: Please help in enabling security
Hi again,

If I put the following line in all.policy

    grant { permission java.security.AllPermission; };

then I can start felix successfully.
I hope this solves my problem starting felix with security enabled.
Note that in the slide set "Building Secure OSGi Applications"
the line reads as follows, which I think is wrong:

    grant { permission java.lang.AllPermission };

Regards
Hasan

Hasan wrote:
> Dear all
>
> We would like to use the OSGi security mechanism (conditional permission
> admin) and thus are trying to enable security when invoking felix
> (version 1.4.0) as follows
>
> $ java -Djava.security.manager -Djava.security.policy=all.policy -jar bin/felix.jar
>
> There were some AccessControlExceptions, which we could fix by adapting
> the java.policy file.
> In the end, however, we got a NullPointerException as shown below.
>
> -- BEGIN OF FELIX ERROR MESSAGE --
> Welcome to Felix.
> =================
>
> ERROR: Unable to start system bundle. (java.lang.NullPointerException: Specified service reference cannot be null.)
> java.lang.NullPointerException: Specified service reference cannot be null.
> at org.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.java:320)
> at org.apache.felix.main.AutoActivator.processAutoProperties(AutoActivator.java:77)
> at org.apache.felix.main.AutoActivator.start(AutoActivator.java:55)
> at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1071)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:580)
> at org.apache.felix.framework.Felix$SystemBundleActivator.start(Felix.java:3761)
> at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1071)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:580)
> at org.apache.felix.framework.Felix.init(Felix.java:849)
> at org.apache.felix.framework.Felix.start(Felix.java:881)
> at org.apache.felix.main.Main.main(Main.java:213)
> Could not create framework: java.lang.RuntimeException: Unable to start system bundle.
> java.lang.RuntimeException: Unable to start system bundle.
> at org.apache.felix.framework.Felix.init(Felix.java:857)
> at org.apache.felix.framework.Felix.start(Felix.java:881)
> at org.apache.felix.main.Main.main(Main.java:213)
>
> -- END OF FELIX ERROR MESSAGE --
>
> Any help and tips to enable security and solve this problem are highly
> appreciated.
>
> Kind regards
> Hasan
>
--
--trialox ag--------------------------------------
Hasan Hasan
Binzmühlestrasse 14
CH-8050 Zürich
Tel: 0041-44-63 57577
Fax: 0041-44-63 57574
URL: http://www.trialox.ch
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
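
Added example (not part of the original thread and not Felix project code): a small Python audit of a Java policy file, run on a constructed sample assembled from lines quoted in the messages above. It assumes a simplified grant grammar; the names parse_policy, audit and BROAD are chosen for illustration, and the rule that the PackagePermission action "export" implies "import" is taken from the OSGi Core specification.

```python
import re

# Constructed sample built from lines quoted in this thread (not a complete policy).
SAMPLE_POLICY = '''
grant { permission java.lang.AllPermission; };
grant codeBase "file:$FELIX_HOME/-" {
    permission java.net.SocketPermission "*", "resolve, connect";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission org.osgi.framework.PackagePermission "*", "export";
    permission org.osgi.framework.ServicePermission "*", "register, get";
};
'''

# Simplified grammar (assumption): no signedBy/principal clauses, no "${...}" in names.
GRANT_RE = re.compile(r'grant\s*(?:codeBase\s*"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)((?:\s*,?\s*"[^"]*")*)\s*;')

# Grants broad enough to deserve review (shortlist chosen for this example).
BROAD = {("java.lang.RuntimePermission", "createClassLoader"),
         ("java.lang.reflect.ReflectPermission", "suppressAccessChecks"),
         ("java.net.SocketPermission", "*")}

def parse_policy(text):
    """Return (codeBase or None, permission class, target name, actions) tuples."""
    entries = []
    for codebase, body in GRANT_RE.findall(text):
        for cls, args in PERM_RE.findall(body):
            name, acts = (re.findall(r'"([^"]*)"', args) + ["", ""])[:2]
            actions = {a.strip() for a in acts.split(",") if a.strip()}
            if cls == "org.osgi.framework.PackagePermission" and "export" in actions:
                actions.add("import")  # OSGi Core: "export" implies "import"
            entries.append((codebase or None, cls, name, actions))
    return entries

def audit(entries):
    """Return (codeBase, finding) pairs for grants that deserve a second look."""
    findings = []
    for codebase, cls, name, _ in entries:
        if cls.endswith(".AllPermission") and cls != "java.security.AllPermission":
            findings.append((codebase, "no such class: " + cls))
        elif cls == "java.security.AllPermission":
            findings.append((codebase, "AllPermission: every check passes"))
        elif (cls, name) in BROAD:
            findings.append((codebase, "broad grant: %s %s" % (cls, name)))
    return findings

if __name__ == "__main__":
    for codebase, finding in audit(parse_policy(SAMPLE_POLICY)):
        print(codebase or "<all code>", "-", finding)
```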