OOO tu commences à devenir célèbre !!!
/stephane
On Sat, Jun 19, 2010 at 9:34 AM, Goichon Francois <
francois.goic...@insa-lyon.fr> wrote:
> Hi Roshan,
>
> Policy files can't handle the dynamic permissions you need. You just have
> to grant AllPermission to any code in your policy file. Then, permissions
> regarding each bundle are handle by PermissionAdmin or
> ConditionalPermissionAdmin services from framework.security. When you use
> those services, you first have to grant AllPermission to the system core
> bundle & the bundle using the PermissionAdmin service. For example, to grant
> AllPermission to the system bundle (bundle number 0):
>
>
> final ConditionalPermissionAdmin cpa =
> (ConditionalPermissionAdmin)
> context.getService(context.getServiceReference(ConditionalPermissionAdmin.class.getName()));
>
>
> final ConditionalPermissionUpdate condPermUpdate =
> cpa.newConditionalPermissionUpdate();
> final List<ConditionalPermissionInfo> permlist =
> condPermUpdate.getConditionalPermissionInfos();
>
> permlist.add(cpa.newConditionalPermissionInfo(null,
> new ConditionInfo[]{
> new
> ConditionInfo(BundleLocationCondition.class.getName(),
> new String[]{
>
> context.getBundle(0).getLocation()
> }
> )
> },
> new PermissionInfo[]{
> new
> PermissionInfo(AllPermission.class.getName(),"", "")
> },
> "allow"));
>
> Hope that helps,
>
> François
>
>
> "Roshan A. Punnoose" <rpunno...@proteuseng.com> a écrit :
>
> Hi,
>>
>> I am new to Java/OSGi security. I want to be able to specify a policy file
>> that will be able to start up my OSGi container but will only install
>> bundles that I have signed. Currently, I have downloaded the felix
>> framework, and I have the framework.security project installed in it.
>>
>> My current policy file looks like this:
>>
>> grant codeBase "file:./bin/-" {
>> permission java.security.AllPermission;
>> };
>>
>> grant codeBase "http://felix.extensions:9/"; {
>> permission java.security.AllPermission;
>> };
>>
>> This will let me let the felix.jar start and access file/system
>> permissions, and the second grant allows the framework.security jar to be
>> installed.
>>
>> Now what do I have to add to this to force only my signed bundles to be
>> installed? It seems like right now it lets any bundles install and run. (I
>> guess it is using the felix.jar AllPermission to run?)
>>
>> Any ideas?
>>
>> Also, I noticed that there are Bundle/Package/Service Permissions in
>> felix. How do I go about using that? (I read the spec, but I'm unsure where
>> framework.security fits in this?)
>>
>> Any help would be greatly appreciated.
>>
>> Roshan Punnoose
>> rpunno...@proteuseng.com
>> Proteus Technologies
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
>> For additional commands, e-mail: users-h...@felix.apache.org
>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
> For additional commands, e-mail: users-h...@felix.apache.org
>
>
--
http://perso.citi.insa-lyon.fr/sfrenot
work here : http://tinyurl.com/2ts4xf
sleep here : http://tinyurl.com/33p2gt
play here : http://tinyurl.com/3yarjz
---
Stephane Frenot
Université de Lyon, INRIA
INSA-Lyon, CITI, F-69621, France
