Dear Pierre, dear all
Thanks for the file. I use and modify your file (see below). With this policy file,
however, I cannot install a new bundle. It threw java.net.MalformedURLException:

Welcome to Felix.
=================
-> install http://mirror.switch.ch/mirror/apache/dist/felix/org.apache.felix.scr-1.0.6.jar
java.net.MalformedURLException: Unknown protocol: http

What must be added to the policy file so that it works? Thanks in advance for answering.
-- BEGIN of my additional policy file used when starting felix-1.4.0 --
grant codeBase "file:${user.home}/sw/felix-1.4.0/-" {
    permission java.util.PropertyPermission "*", "read,write";
    permission java.io.FilePermission "${user.home}/sw/felix-1.4.0/conf/*", "read";
    permission java.io.FilePermission "${user.home}/sw/felix-1.4.0/-", "read,write,delete";
    // permission java.io.FilePermission "${user.home}/-", "read,write,delete";
    permission java.io.FilePermission "bundle.lastmodified", "read";
    permission java.io.FilePermission "bundle/*", "read";
    permission java.io.FilePermission "./felix-cache", "read,write";
    permission java.io.FilePermission "./felix-cache/-", "read,write,delete";
    permission java.net.NetPermission "specifyStreamHandler";
    // permission java.net.SocketPermission "*", "resolve, connect";
    permission java.net.SocketPermission "*", "accept,connect,listen,resolve";
    permission java.lang.RuntimePermission "createSecurityManager";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission org.osgi.framework.AdminPermission "*", "lifecycle";
    permission org.osgi.framework.AdminPermission "*", "metadata";
    permission org.osgi.framework.AdminPermission "*", "listener";
    permission org.osgi.framework.AdminPermission "*", "execute";
    permission org.osgi.framework.AdminPermission "*", "startlevel";
    permission org.osgi.framework.AdminPermission "*", "extensionLifecycle";
    permission org.osgi.framework.PackagePermission "*", "export,import";
    permission org.osgi.framework.ServicePermission "*", "register,get";
};
-- END of my additional policy file used when starting felix-1.4.0 --
Kind regards
Hasan
Pierre Parrend wrote:
Dear Hasan, dear all,
here is a permission file which I used some time ago. You need to adapt it
to your own configuration, and probably to update it to match the current
state of the Felix implementation:
grant codeBase "file:$FELIX_HOME/-" {
    permission java.util.PropertyPermission "*", "read,write";
    permission java.io.FilePermission "$FELIX_HOME/main/conf/*", "read";
    permission java.io.FilePermission "$USER_HOME/-", "read,write,delete";
    permission java.io.FilePermission "bundle.lastmodified", "read";
    permission java.io.FilePermission "bundle/*", "read";
    permission java.net.NetPermission "specifyStreamHandler";
    permission java.net.SocketPermission "*", "resolve, connect";
    permission java.lang.RuntimePermission "createSecurityManager";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission org.osgi.framework.AdminPermission "*", "lifecycle";
    permission org.osgi.framework.AdminPermission "*", "metadata";
    permission org.osgi.framework.AdminPermission "*", "listener";
    permission org.osgi.framework.AdminPermission "*", "execute";
    permission org.osgi.framework.PackagePermission "*", "export";
    permission org.osgi.framework.ServicePermission "*", "register, get";
};
When reading the file, I wonder why the PackagePermission is set to
'export' only, and does not include 'import'. If you get errors you
should simply add it.
best regards,
Pierre
--
==============================================================
Pierre Parrend
Software Engineering (SE)
==============================================================
FZI Forschungszentrum Informatik an der Universität Karlsruhe
==============================================================
-----Original Message-----
From: Hasan [mailto:[EMAIL PROTECTED]
Sent: Wed 11/19/2008 11:36 AM
To: [email protected]
Subject: Re: Please help in enabling security
Hi again,
If I put the following line in all.policy
    grant { permission java.security.AllPermission; };
then I can start felix successfully.
I hope this solves my problem starting felix with security enabled.
Note that in the slide set "Building Secure OSGi Applications"
the line reads as follows, which I think is wrong:
    grant { permission java.lang.AllPermission };
Regards
Hasan
Hasan wrote:
Dear all
We would like to use the OSGi security mechanism (Conditional Permission Admin) and thus
are trying to enable security when invoking felix (version 1.4.0) as follows:
    $ java -Djava.security.manager -Djava.security.policy=all.policy -jar bin/felix.jar
There were some AccessControlExceptions, which we could fix by adapting the java.policy file.
In the end, however, we got a NullPointerException as shown below.
-- BEGIN OF FELIX ERROR MESSAGE --
Welcome to Felix.
=================
ERROR: Unable to start system bundle. (java.lang.NullPointerException: Specified service reference cannot be null.)
java.lang.NullPointerException: Specified service reference cannot be null.
    at org.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.java:320)
    at org.apache.felix.main.AutoActivator.processAutoProperties(AutoActivator.java:77)
    at org.apache.felix.main.AutoActivator.start(AutoActivator.java:55)
    at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1071)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:580)
    at org.apache.felix.framework.Felix$SystemBundleActivator.start(Felix.java:3761)
    at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1071)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:580)
    at org.apache.felix.framework.Felix.init(Felix.java:849)
    at org.apache.felix.framework.Felix.start(Felix.java:881)
    at org.apache.felix.main.Main.main(Main.java:213)
Could not create framework: java.lang.RuntimeException: Unable to start system bundle.
java.lang.RuntimeException: Unable to start system bundle.
    at org.apache.felix.framework.Felix.init(Felix.java:857)
    at org.apache.felix.framework.Felix.start(Felix.java:881)
    at org.apache.felix.main.Main.main(Main.java:213)
-- END OF FELIX ERROR MESSAGE --
Any help and tips to enable security and solve this problem are
highly appreciated.
Kind regards
Hasan
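
Added example (not part of the thread and not Felix code): a small Python check that parses a Java policy file of the kind posted above and lists the grants that leave little of the sandbox in place, including the AllPermission line that was used to get Felix to start. The sample policy is constructed from entries quoted in the thread, and the rule set in finding() is an assumption chosen for illustration.

```python
import re

# Constructed sample, abridged from the policy entries quoted in this thread.
SAMPLE = '''
grant codeBase "file:${user.home}/sw/felix-1.4.0/-" {
  permission java.io.FilePermission "${user.home}/sw/felix-1.4.0/conf/*", "read";
  // permission java.io.FilePermission "${user.home}/-", "read,write,delete";
  permission java.io.FilePermission "./felix-cache/-", "read,write,delete";
  permission java.net.SocketPermission "*", "accept,connect,listen,resolve";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
grant { permission java.security.AllPermission; };
'''

# A block ends at "};"; a "}" inside ${user.home} is never followed by ";".
GRANT = re.compile(r'grant\s*(?:codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')
ESCALATION = {("RuntimePermission", "createClassLoader"),
              ("ReflectPermission", "suppressAccessChecks")}

def strip_comments(text):
    # Only whole-line // comments are handled (illustrative simplification).
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("//"))

def finding(name, target, actions):
    # Illustrative rule set (an assumption, not an official list).
    acts = {a.strip() for a in actions.split(",")}
    if name == "AllPermission":
        return "grants everything; no sandbox for this code"
    if name == "SocketPermission" and target == "*":
        return "network access to any host"
    if name == "FilePermission" and acts & {"write", "delete"} and (
            target in ("-", "<<ALL FILES>>") or target.endswith("/-")):
        return "write/delete across a whole tree"
    if (name, target) in ESCALATION:
        return "can be used to gain further permissions"
    return None

def audit(text):
    out = []
    for codebase, body in GRANT.findall(strip_comments(text)):
        scope = codebase or "ALL CODE"  # no codeBase: applies to every class
        for perm, target, actions in PERM.findall(body):
            name = perm.rsplit(".", 1)[-1]
            why = finding(name, target, actions)
            if why:
                out.append((scope, name, target, why))
    return out
```

Calling audit(SAMPLE) returns one tuple per flagged entry; the last one is the AllPermission grant with scope "ALL CODE", because that grant has no codeBase and so applies to every bundle as well as the framework.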