On Wed, Sep 16, 2009 at 4:51 PM, Guido Spadotto <[email protected]> wrote: > Richard S. Hall wrote: >> >> On 9/16/09 11:58, Karl Pauls wrote: >>> >>> On Wed, Sep 16, 2009 at 11:51 AM, Guido Spadotto<[email protected]> >>> wrote: >>>> >>>> I'd like to make framework interfaces visible only to specific >>>> bundles/components of the framework environment I'm writing (and whose >>>> bundles I am in full >>>> control of), whilst 3p interfaces will be exported as usual (i.e. no >>>> restrictions on >>>> their visibility). >>>> The Question: is there an easy/correct way of achieving this in OSGi ? >>>> >>> >>> I guess you are looking for security. Have a look at the >>> ConditionalPermissionAdmin and the related permissions defined by >>> OSGi. >> >> As Karl says, there is no real way to do this other than security. >> Otherwise, you could try to approximate it with mandatory attributes. In the >> future, the spec could address such use cases (e.g., through composite >> bundles, so you could create a subsystem), but even then the only way to get >> guarantees is with security and granting permissions. >> -> richard > > Thanks Karl and Richard, > I'm studying the Conditional Permission Admin Spec. > > If I got it right, I should write a custom condition that distinguishes > between framework and 3rd Party > bundles and - based on that - gets enabled or not. > > Once I have that condition, I can use it to grant these permissions > ServicePermission[FQN_Of_FW_Interface,GET ] and > PackagePermission[FQN_Of_FW_Package,IMPORT] > to Framework Bundles. > > 3rd Party services, that is all services contained in bundles > that do not satisfy my custom condition, will not be able to > import my FW packages, or get FW services.
Yup, that is correct. Alternatively, you could use different certificates for each domain (framwork and 3rd) and sign the bundles with the certificate of the domain they belong too. This way you could use the BundleSignerCondtion instead of your custom condition. If signing is not an option you can go with the custom condition approach. regards, Karl > Richard, what do you mean by "approximating with mandatory attributes" ? > > Please correct/extend my thoughts if you see I'm wrong. > -- > Guido Spadotto > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Karl Pauls [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
