Hi,
I have the following setup to provide logging:
- slf4j.api-1.7.2.jar
- ch.qos.logback.core-1.0.7.jar
- ch.qos.logback.classic-1.0.7.jar
- my.logservice.impl.jar => implements org.osgi.service.log.LogService and
delegates to slf4j
I have also enabled security:
- org.apache.felix.framework.security-2.0.1.jar
- my.platformsecurity.impl.jar => using ConditionalPermissionAdmin
The only way I get this setup to work is to give the four logging bundles
the same permissions which seems a little verbose:
allow {
[org.osgi.service.condpermadmin.BundleLocationCondition
"bundles/dropins/ch.qos.logback.core-1.0.7.jar"]
(org.osgi.framework.PackagePermission "ch.qos.logback.core" "exportonly")
(org.osgi.framework.PackagePermission "ch.qos.logback.core.*"
"exportonly")
(org.osgi.framework.PackagePermission "org.xml.sax" "import")
(org.osgi.framework.PackagePermission "org.xml.sax.helpers" "import")
(org.osgi.framework.PackagePermission "javax.xml.parsers" "import")
(java.lang.RuntimePermission "getClassLoader" "")
(java.util.PropertyPermission "*" "read")
(java.io.FilePermission "config/-" "read")
(java.io.FilePermission "logs" "read")
(java.io.FilePermission "logs/-" "read,write,delete")
} "ch.qos.logback.core"
allow {
[org.osgi.service.condpermadmin.BundleLocationCondition
"bundles/dropins/ch.qos.logback.classic-1.0.7.jar"]
(org.osgi.framework.PackagePermission "org.slf4j.impl" "exportonly")
(org.osgi.framework.PackagePermission "org.slf4j" "import")
(org.osgi.framework.PackagePermission "org.slf4j.*" "import")
(org.osgi.framework.PackagePermission "ch.qos.logback.core" "import")
(org.osgi.framework.PackagePermission "ch.qos.logback.core.*" "import")
(org.osgi.framework.PackagePermission "javax.naming" "import")
(org.osgi.framework.PackagePermission "org.xml.sax" "import")
(java.lang.RuntimePermission "getClassLoader" "")
(java.util.PropertyPermission "*" "read")
(java.io.FilePermission "config/-" "read")
(java.io.FilePermission "logs" "read")
(java.io.FilePermission "logs/-" "read,write,delete")
} "ch.qos.logback.classic"
allow {
[org.osgi.service.condpermadmin.BundleLocationCondition
"bundles/dropins/slf4j.api-1.7.2.jar"]
(org.osgi.framework.PackagePermission "org.slf4j" "exportonly")
(org.osgi.framework.PackagePermission "org.slf4j.helpers" "exportonly")
(org.osgi.framework.PackagePermission "org.slf4j.spi" "exportonly")
(org.osgi.framework.PackagePermission "org.slf4j.impl" "import")
(java.lang.RuntimePermission "getClassLoader" "")
(java.util.PropertyPermission "*" "read")
(java.io.FilePermission "config/-" "read")
(java.io.FilePermission "logs" "read")
(java.io.FilePermission "logs/-" "read,write,delete")
(java.security.AllPermission)
} "slf4j.api"
allow {
[org.osgi.service.condpermadmin.BundleLocationCondition
"bundles/dropins/my.logservice.impl.jar"]
(org.osgi.framework.PackagePermission "org.osgi.framework" "import")
(org.osgi.framework.PackagePermission "org.osgi.service.log" "import")
(org.osgi.framework.PackagePermission "org.slf4j" "import")
(org.osgi.framework.ServicePermission "org.osgi.service.log.LogService"
"register")
(java.lang.RuntimePermission "getClassLoader" "")
(java.util.PropertyPermission "*" "read")
(java.io.FilePermission "config/-" "read")
(java.io.FilePermission "logs" "read")
(java.io.FilePermission "logs/-" "read,write,delete")
} "my.logservice.impl"
Is this "proliferation" of permissions generally required - is this "normal"
?
Thanks,
Bokie
--
View this message in context:
http://apache-felix.18485.n6.nabble.com/Permissions-and-3rd-party-bundles-tp5000253.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
