But only if you sign it. 2010/10/8 Karl Pauls <[email protected]>
> Yes, the policy is made possible by the policy bundle in that example. > It is not a standard thing. You might consider buying the book :-) > > regards, > > Karl > > On Fri, Oct 8, 2010 at 2:00 PM, Achim Nierbeck <[email protected]> > wrote: > > No, I didn't should I? > > > > 2010/10/8 Karl Pauls <[email protected]> > > > >> Did you install the policy bundle from the example as well? > >> > >> regards, > >> > >> Karl > >> > >> On Fri, Oct 8, 2010 at 12:40 PM, Achim Nierbeck < > [email protected]> > >> wrote: > >> > I found a link to [1]. And tried like in the example to use a > >> > security.policy file. That didn't seem to work. > >> > Another thing that really didn't seem to be right was, that the > security > >> > bundle wasn't listed as a fragment attached to the framework bundle > (If I > >> > use equinox as the framework bundle it was listed). > >> > > >> > Is there some sort of documentation besides the rather spare wiki > >> > documentation? > >> > > >> > > >> > [1] > >> > > >> > http://osgi-in-action.googlecode.com/svn/trunk/chapter14/combined-example/ > >> > > >> > > >> > > >> > 2010/10/8 Karl Pauls <[email protected]> > >> > > >> >> how are you trying to use the DENY or ALLOW syntax? > >> >> > >> >> regards, > >> >> > >> >> Karl > >> >> > >> >> On Fri, Oct 8, 2010 at 9:13 AM, Achim Nierbeck < > [email protected] > >> > > >> >> wrote: > >> >> > I now tried two ways of configuring security within the karaf > server. > >> One > >> >> > taking equinox, after setting the right properties and the policy > file > >> it > >> >> > did work. With Felix I think I do have an issue, I used the latest > >> Karaf > >> >> > version from SVN with Felix 3.0.3 and added the security bundle. If > I > >> >> list > >> >> > the available bundles I do see that the security bundle is resolved > >> but > >> >> > shouldn't the framework-bundle (felix in this case) import the > >> security > >> >> > bundle as a fragment? Because this didn't work and a refresh on > bundle > >> 0 > >> >> > causes the Karaf to crash :( > >> >> > Still I do get the security to work but I'm not able to use the > DENY > >> or > >> >> > ALLOW syntax. BTW. is there some documentation about the security > >> bundle > >> >> > available I just found some hints in older mailing threads. > >> >> > Right now I have to configure every Security Constraint I wan't to > >> enable > >> >> > just to skip this one java.security.Runtime exitVM :( > >> >> > > >> >> > > >> >> > 2010/10/4 Guillaume Nodet <[email protected]> > >> >> > > >> >> >> The karaf shutdown does not call system.exit(), it > >> >> >> calls getBundleContext().getBundle(0).stop() which is way cleaner > in > >> >> osgi. > >> >> >> The system.exit() is only called by the Main class that launches > the > >> >> >> framework, so if permissions are configured on bundles, it should > be > >> ok, > >> >> >> since the launcher is outside the osgi framework. > >> >> >> > >> >> >> On Mon, Oct 4, 2010 at 15:06, Achim Nierbeck < > >> [email protected] > >> >> >> >wrote: > >> >> >> > >> >> >> > Hi, thanks for the first answer, you are right I don't have a > lot > >> of > >> >> osgi > >> >> >> > security knowledge. > >> >> >> > One thing though that crosses my mind about your first solution. > If > >> I > >> >> use > >> >> >> > the apache Karaf as runtime container how would this affect the > >> >> >> "shutdown" > >> >> >> > command of the console? > >> >> >> > > >> >> >> > Thanks, Achim > >> >> >> > > >> >> >> > 2010/10/4 Karl Pauls <[email protected]> > >> >> >> > > >> >> >> > > I guess there are several ways to do this but the most > portable > >> one > >> >> >> > > should be to start with security enabled (and in felix case - > the > >> >> >> > > framework.security bundle installed). From there, you could > >> specify > >> >> a > >> >> >> > > policy that gives allpermission but has a deny on System.Exit. > >> >> >> > > > >> >> >> > > Assuming you don't have a lot of osgi security knowledge I can > >> try > >> >> to > >> >> >> > > write a more detailed mail about how to do this tonight... > >> >> >> > > > >> >> >> > > regards, > >> >> >> > > > >> >> >> > > Karl > >> >> >> > > > >> >> >> > > On Mon, Oct 4, 2010 at 12:45 PM, Achim Nierbeck < > >> >> >> [email protected] > >> >> >> > > > >> >> >> > > wrote: > >> >> >> > > > Hi, > >> >> >> > > > > >> >> >> > > > I asked this question in the karaf user mailing list but > they > >> told > >> >> me > >> >> >> > > this > >> >> >> > > > would be the better place to ask :) > >> >> >> > > > I have a special Problem I would like to solve with the > >> >> >> SecurityManger. > >> >> >> > > But > >> >> >> > > > first the Problem I'm facing: > >> >> >> > > > I have a bundle containing a third party legacy library I > have > >> to > >> >> >> use. > >> >> >> > > > This Library does call system.Exit(?) if it looses it's > >> connection > >> >> to > >> >> >> a > >> >> >> > > > corresponding server. > >> >> >> > > > I know that this is really bad (actually mean) but the > quickest > >> >> way > >> >> >> of > >> >> >> > > > shipping around this problem is using a service wrapper > which > >> does > >> >> a > >> >> >> > > > restart. > >> >> >> > > > But this is not a nice way of doing especially this > system.exit > >> >> >> forces > >> >> >> > a > >> >> >> > > > hard shutdown :( > >> >> >> > > > So I googled around and found that there is one solution for > >> this, > >> >> >> use > >> >> >> > a > >> >> >> > > > security manager which disallows System.Exit. > >> >> >> > > > Now the tricky part, how do I specify a securityManager just > >> for > >> >> this > >> >> >> > > bundle > >> >> >> > > > preventing it from using System.Exit? > >> >> >> > > > > >> >> >> > > > Thank you in Advance :) > >> >> >> > > > > >> >> >> > > > >> >> >> > > > >> >> >> > > > >> >> >> > > -- > >> >> >> > > Karl Pauls > >> >> >> > > [email protected] > >> >> >> > > > >> >> >> > > > >> >> --------------------------------------------------------------------- > >> >> >> > > To unsubscribe, e-mail: [email protected] > >> >> >> > > For additional commands, e-mail: [email protected] > >> >> >> > > > >> >> >> > > > >> >> >> > > >> >> >> > >> >> >> > >> >> >> > >> >> >> -- > >> >> >> Cheers, > >> >> >> Guillaume Nodet > >> >> >> ------------------------ > >> >> >> Blog: http://gnodet.blogspot.com/ > >> >> >> ------------------------ > >> >> >> Open Source SOA > >> >> >> http://fusesource.com > >> >> >> > >> >> > > >> >> > >> >> > >> >> > >> >> -- > >> >> Karl Pauls > >> >> [email protected] > >> >> > >> >> --------------------------------------------------------------------- > >> >> To unsubscribe, e-mail: [email protected] > >> >> For additional commands, e-mail: [email protected] > >> >> > >> >> > >> > > >> > >> > >> > >> -- > >> Karl Pauls > >> [email protected] > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > >> > > > > > > -- > Karl Pauls > [email protected] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
