I now tried two ways of configuring security within the karaf server. One taking equinox, after setting the right properties and the policy file it did work. With Felix I think I do have an issue, I used the latest Karaf version from SVN with Felix 3.0.3 and added the security bundle. If I list the available bundles I do see that the security bundle is resolved but shouldn't the framework-bundle (felix in this case) import the security bundle as a fragment? Because this didn't work and a refresh on bundle 0 causes the Karaf to crash :( Still I do get the security to work but I'm not able to use the DENY or ALLOW syntax. BTW. is there some documentation about the security bundle available I just found some hints in older mailing threads. Right now I have to configure every Security Constraint I wan't to enable just to skip this one java.security.Runtime exitVM :(
2010/10/4 Guillaume Nodet <[email protected]> > The karaf shutdown does not call system.exit(), it > calls getBundleContext().getBundle(0).stop() which is way cleaner in osgi. > The system.exit() is only called by the Main class that launches the > framework, so if permissions are configured on bundles, it should be ok, > since the launcher is outside the osgi framework. > > On Mon, Oct 4, 2010 at 15:06, Achim Nierbeck <[email protected] > >wrote: > > > Hi, thanks for the first answer, you are right I don't have a lot of osgi > > security knowledge. > > One thing though that crosses my mind about your first solution. If I use > > the apache Karaf as runtime container how would this affect the > "shutdown" > > command of the console? > > > > Thanks, Achim > > > > 2010/10/4 Karl Pauls <[email protected]> > > > > > I guess there are several ways to do this but the most portable one > > > should be to start with security enabled (and in felix case - the > > > framework.security bundle installed). From there, you could specify a > > > policy that gives allpermission but has a deny on System.Exit. > > > > > > Assuming you don't have a lot of osgi security knowledge I can try to > > > write a more detailed mail about how to do this tonight... > > > > > > regards, > > > > > > Karl > > > > > > On Mon, Oct 4, 2010 at 12:45 PM, Achim Nierbeck < > [email protected] > > > > > > wrote: > > > > Hi, > > > > > > > > I asked this question in the karaf user mailing list but they told me > > > this > > > > would be the better place to ask :) > > > > I have a special Problem I would like to solve with the > SecurityManger. > > > But > > > > first the Problem I'm facing: > > > > I have a bundle containing a third party legacy library I have to > use. > > > > This Library does call system.Exit(?) if it looses it's connection to > a > > > > corresponding server. > > > > I know that this is really bad (actually mean) but the quickest way > of > > > > shipping around this problem is using a service wrapper which does a > > > > restart. > > > > But this is not a nice way of doing especially this system.exit > forces > > a > > > > hard shutdown :( > > > > So I googled around and found that there is one solution for this, > use > > a > > > > security manager which disallows System.Exit. > > > > Now the tricky part, how do I specify a securityManager just for this > > > bundle > > > > preventing it from using System.Exit? > > > > > > > > Thank you in Advance :) > > > > > > > > > > > > > > > > -- > > > Karl Pauls > > > [email protected] > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > -- > Cheers, > Guillaume Nodet > ------------------------ > Blog: http://gnodet.blogspot.com/ > ------------------------ > Open Source SOA > http://fusesource.com >
