Yes, the policy is made possible by the policy bundle in that example. It is not a standard thing. You might consider buying the book :-)
regards, Karl On Fri, Oct 8, 2010 at 2:00 PM, Achim Nierbeck <[email protected]> wrote: > No, I didn't should I? > > 2010/10/8 Karl Pauls <[email protected]> > >> Did you install the policy bundle from the example as well? >> >> regards, >> >> Karl >> >> On Fri, Oct 8, 2010 at 12:40 PM, Achim Nierbeck <[email protected]> >> wrote: >> > I found a link to [1]. And tried like in the example to use a >> > security.policy file. That didn't seem to work. >> > Another thing that really didn't seem to be right was, that the security >> > bundle wasn't listed as a fragment attached to the framework bundle (If I >> > use equinox as the framework bundle it was listed). >> > >> > Is there some sort of documentation besides the rather spare wiki >> > documentation? >> > >> > >> > [1] >> > >> http://osgi-in-action.googlecode.com/svn/trunk/chapter14/combined-example/ >> > >> > >> > >> > 2010/10/8 Karl Pauls <[email protected]> >> > >> >> how are you trying to use the DENY or ALLOW syntax? >> >> >> >> regards, >> >> >> >> Karl >> >> >> >> On Fri, Oct 8, 2010 at 9:13 AM, Achim Nierbeck <[email protected] >> > >> >> wrote: >> >> > I now tried two ways of configuring security within the karaf server. >> One >> >> > taking equinox, after setting the right properties and the policy file >> it >> >> > did work. With Felix I think I do have an issue, I used the latest >> Karaf >> >> > version from SVN with Felix 3.0.3 and added the security bundle. If I >> >> list >> >> > the available bundles I do see that the security bundle is resolved >> but >> >> > shouldn't the framework-bundle (felix in this case) import the >> security >> >> > bundle as a fragment? Because this didn't work and a refresh on bundle >> 0 >> >> > causes the Karaf to crash :( >> >> > Still I do get the security to work but I'm not able to use the DENY >> or >> >> > ALLOW syntax. BTW. is there some documentation about the security >> bundle >> >> > available I just found some hints in older mailing threads. >> >> > Right now I have to configure every Security Constraint I wan't to >> enable >> >> > just to skip this one java.security.Runtime exitVM :( >> >> > >> >> > >> >> > 2010/10/4 Guillaume Nodet <[email protected]> >> >> > >> >> >> The karaf shutdown does not call system.exit(), it >> >> >> calls getBundleContext().getBundle(0).stop() which is way cleaner in >> >> osgi. >> >> >> The system.exit() is only called by the Main class that launches the >> >> >> framework, so if permissions are configured on bundles, it should be >> ok, >> >> >> since the launcher is outside the osgi framework. >> >> >> >> >> >> On Mon, Oct 4, 2010 at 15:06, Achim Nierbeck < >> [email protected] >> >> >> >wrote: >> >> >> >> >> >> > Hi, thanks for the first answer, you are right I don't have a lot >> of >> >> osgi >> >> >> > security knowledge. >> >> >> > One thing though that crosses my mind about your first solution. If >> I >> >> use >> >> >> > the apache Karaf as runtime container how would this affect the >> >> >> "shutdown" >> >> >> > command of the console? >> >> >> > >> >> >> > Thanks, Achim >> >> >> > >> >> >> > 2010/10/4 Karl Pauls <[email protected]> >> >> >> > >> >> >> > > I guess there are several ways to do this but the most portable >> one >> >> >> > > should be to start with security enabled (and in felix case - the >> >> >> > > framework.security bundle installed). From there, you could >> specify >> >> a >> >> >> > > policy that gives allpermission but has a deny on System.Exit. >> >> >> > > >> >> >> > > Assuming you don't have a lot of osgi security knowledge I can >> try >> >> to >> >> >> > > write a more detailed mail about how to do this tonight... >> >> >> > > >> >> >> > > regards, >> >> >> > > >> >> >> > > Karl >> >> >> > > >> >> >> > > On Mon, Oct 4, 2010 at 12:45 PM, Achim Nierbeck < >> >> >> [email protected] >> >> >> > > >> >> >> > > wrote: >> >> >> > > > Hi, >> >> >> > > > >> >> >> > > > I asked this question in the karaf user mailing list but they >> told >> >> me >> >> >> > > this >> >> >> > > > would be the better place to ask :) >> >> >> > > > I have a special Problem I would like to solve with the >> >> >> SecurityManger. >> >> >> > > But >> >> >> > > > first the Problem I'm facing: >> >> >> > > > I have a bundle containing a third party legacy library I have >> to >> >> >> use. >> >> >> > > > This Library does call system.Exit(?) if it looses it's >> connection >> >> to >> >> >> a >> >> >> > > > corresponding server. >> >> >> > > > I know that this is really bad (actually mean) but the quickest >> >> way >> >> >> of >> >> >> > > > shipping around this problem is using a service wrapper which >> does >> >> a >> >> >> > > > restart. >> >> >> > > > But this is not a nice way of doing especially this system.exit >> >> >> forces >> >> >> > a >> >> >> > > > hard shutdown :( >> >> >> > > > So I googled around and found that there is one solution for >> this, >> >> >> use >> >> >> > a >> >> >> > > > security manager which disallows System.Exit. >> >> >> > > > Now the tricky part, how do I specify a securityManager just >> for >> >> this >> >> >> > > bundle >> >> >> > > > preventing it from using System.Exit? >> >> >> > > > >> >> >> > > > Thank you in Advance :) >> >> >> > > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > -- >> >> >> > > Karl Pauls >> >> >> > > [email protected] >> >> >> > > >> >> >> > > >> >> --------------------------------------------------------------------- >> >> >> > > To unsubscribe, e-mail: [email protected] >> >> >> > > For additional commands, e-mail: [email protected] >> >> >> > > >> >> >> > > >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> Cheers, >> >> >> Guillaume Nodet >> >> >> ------------------------ >> >> >> Blog: http://gnodet.blogspot.com/ >> >> >> ------------------------ >> >> >> Open Source SOA >> >> >> http://fusesource.com >> >> >> >> >> > >> >> >> >> >> >> >> >> -- >> >> Karl Pauls >> >> [email protected] >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: [email protected] >> >> For additional commands, e-mail: [email protected] >> >> >> >> >> > >> >> >> >> -- >> Karl Pauls >> [email protected] >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > -- Karl Pauls [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
