Okay, I've created such a bundle and am definitely on the right track.
But I do find the documentation a bit fuzzy, there are few examples to find.
Do you have any examples of how to grant permissions? (for example
granting allpermission to the system bundle?)
Or even better, do you have an example of how to limit a bundle's file
permissions purely to one directory?
This is what I have so far:
    final ConditionalPermissionAdmin cpa = (ConditionalPermissionAdmin)
        context.getService(context.getServiceReference(ConditionalPermissionAdmin.class.getName()));
    final ConditionalPermissionUpdate condPermUpdate =
        cpa.newConditionalPermissionUpdate();
    final List<ConditionalPermissionInfo> permlist =
        condPermUpdate.getConditionalPermissionInfos();
    String webappdir = System.getProperty("jdi.webapps");
    System.out.println("WebAppDir: " + webappdir);
    permlist.add( // add permission to the list
        cpa.newConditionalPermissionInfo(
            "JDI-Webapplication-Permissions", // this should be unique, right? so how about reloading?
            new ConditionInfo[] {
                new ConditionInfo(BundleLocationCondition.class.getName(), new String[] {
                    webappdir + "*"
                })
            },
            new PermissionInfo[] {
                new PermissionInfo(AllPermission.class.getName(), "", ""),
                new PermissionInfo(FilePermission.class.getName(), "/home/sander/", "*")
            },
            "deny"
        )
    );
    if ( condPermUpdate.commit() ) {
        System.out.println("Commit succeeded");
    } else {
        System.err.println("Commit failed");
    }
Questions that arose while creating the above snippet:
- Should I remove permissions if my dedicated bundle is reloaded/stopped?
- How can I remove permissions?
- Is there a bundle which translates a textfile (properties/xml or
whatsoever) so I won't have to hard-code the whole permission scheme?
And what about this dedicated bundle. What if this bundle is loaded
after the bundles which require specific limitations? Can I do this with
the starting levels or should I edit the config file so it will load
this bundle first?
After some additional research I've found that the security features of
Felix are not as mature as those of Equinox. It also seems that the security
package provided at the Felix download page won't start. Is this normal?
    7|Resolved | 1|Apache Felix Security Provider (1.2.0)
On 07/09/2010 03:43 PM, François GOICHON wrote:
What you have to do is to create a dedicated bundle that will play the
role of the permission agent.
Within this bundle :
- get the permission admin service reference
- get the permission list
- grant allpermission to the system bundle (bundle 0), other Felix
bundles may need allpermission
- grant allpermission to this permission agent bundle
- then grant the different permissions you need to other bundles
- commit the permission list to the permission table
Then, each time a permission check occurs, the security layer will be
able to determine whether each bundle providing each method on the
call stack has been granted this particular permission.
Actually, as the permission administration is provided as a service,
any bundle having sufficient permissions can modify the permission
table at any time. So yes, you can therefore add/delete and commit new
permissions when catching some specific framework or service events.
François
Sander de Groot wrote:
Would it be possible to create a custom bundle which listens to other
bundles' events and applies a specific permission scheme based on, for
example, the bundle name/location or other properties? If so, how can I
enforce such a scheme on another bundle?
Regards,
Sander
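
The permission-agent steps listed in the quoted reply, combined with the one-directory file restriction asked about at the top of the thread, as an added example (not code from either poster or from the Felix project). The class name PermissionAgent, the "agent:" row-name prefix and the path /srv/webapp-data are assumptions; the jdi.webapps property is taken from the snippet in the thread.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.util.List;
import org.osgi.framework.*;
import org.osgi.service.condpermadmin.*;
import org.osgi.service.permissionadmin.PermissionInfo;

/** Added example: PermissionAgent, the "agent:" row names and DATA_DIR are assumptions. */
public class PermissionAgent implements BundleActivator {
    private static final String PREFIX = "agent:";              // marks rows owned by this bundle
    private static final String DATA_DIR = "/srv/webapp-data";  // constructed sample path

    public void start(BundleContext ctx) {
        ServiceReference ref = ctx.getServiceReference(ConditionalPermissionAdmin.class.getName());
        if (ref == null) // security provider not active: nothing would be enforced
            throw new IllegalStateException("ConditionalPermissionAdmin service not available");
        ConditionalPermissionAdmin cpa = (ConditionalPermissionAdmin) ctx.getService(ref);
        String web = System.getProperty("jdi.webapps") + "*";   // location pattern from the thread
        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> rows = update.getConditionalPermissionInfos();
        rows.removeIf(r -> r.getName().startsWith(PREFIX));     // row names must be unique: drop ours on restart
        // Rows are checked top-down; the first row whose condition matches the bundle
        // and whose permissions imply the requested one decides allow or deny.
        rows.add(row(cpa, "system", Constants.SYSTEM_BUNDLE_LOCATION, "allow", all()));
        rows.add(row(cpa, "self", ctx.getBundle().getLocation(), "allow", all()));
        rows.add(row(cpa, "web-dir", web, "allow", file(DATA_DIR + "/-", "read,write,delete")));
        rows.add(row(cpa, "web-no-other-files", web, "deny",
                file("<<ALL FILES>>", "read,write,execute,delete")));
        rows.add(row(cpa, "web-rest", web, "allow", all()));
        // Bundles matching no row are denied, so other trusted bundles need their own allow rows.
        if (!update.commit()) // false: the table was modified after this update was created
            throw new IllegalStateException("permission table modified concurrently, retry");
    }

    public void stop(BundleContext ctx) { /* rows stay in the table; start() replaces them */ }

    private static ConditionalPermissionInfo row(ConditionalPermissionAdmin cpa, String name,
            String location, String access, PermissionInfo perm) {
        ConditionInfo[] cond = {
            new ConditionInfo(BundleLocationCondition.class.getName(), new String[] { location }) };
        return cpa.newConditionalPermissionInfo(PREFIX + name, cond, new PermissionInfo[] { perm }, access);
    }

    private static PermissionInfo all() { return new PermissionInfo(AllPermission.class.getName(), "", ""); }

    private static PermissionInfo file(String path, String actions) {
        return new PermissionInfo(FilePermission.class.getName(), path, actions);
    }
}
```

The order of the three web rows carries the restriction: the directory grant has to come before the file deny, and the file deny before the final AllPermission row.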