I have managed to piece together the following approach to implementing security in OSGI.
First, apply some VM arguments: -Dorg.osgi.framework.security="osgi" -Dosgi.signedcontent.support=true -Djava.security.policy=policy.all Next, install the org.apache.felix.framework bundle felix.conf: felix.auto.start.1=file:/boot/org.apache.felix.framework.security-2.4.0.jar Then it is necessary to create a new bundle with an activator which looks for a ConditionalPermissionAdmin, on which the permissions will be registered. application.security.Activator implements BundleActivator { public void start(BundleContext context) { ServiceReference<ConditionalPermissionAdmin> ref = context.getServiceReference(ConditionalPermissionAdmin.class); //this is returning null - the Conditional PermissionAdmin service has not started ConditionalPermissionAdmin admin = context.getService(ref); List<ConfitionalPermissionInfo> infos = admin.getConditionalPermissionInfos(); infos.clear(); infos.add(admin.newConditionalPermissionInfo("ALLOW {[BundleSignerCondition \"cn=myorgname\" ] (AllPermission)}")); ... } Ensure this is started after the security bundle felix.auto.start.2=file:./boot/myapplication.security_1.0.0.jar However the ConditionalPermissionAdmin service, which I am expecting to start, is not starting. The org.apache.felix.framework.security bundle is listed as "Resolved" but not "Active". The service reference is returning null. I think the problem may lie in the fact that org.apache.felix.framework.security is an "extension£ bundle, not a "service" bundle. I can find some information about extension bundles in the OSGI specs but what I can't find are instructions as to how to start a service in an extension bundle in Felix. Can anyone help? Thanks Robert