Thanks, that does answer my question.

On Wed, Sep 21, 2016 at 5:17 PM, Karl Pauls <karlpa...@gmail.com> wrote:
> I guess I'm not 100% sure I understand what you are asking exactly. Let me
> first try to explain what the different options are and then try to answer
> what I think you are asking.
>
> If there is a security manager installed the framework will do permission
> checks where the spec mandates it. However, assuming you didn't install the
> framework.security provider, all bundles will have AllPermission by default
> -- except, if you have set  felix.security.defaultpolicy=true. In that
> case, your security policy will be consulted for bundles as well.
>
> Hence, if you want behavior just as some ordinary library in an application
> with a security manager you probably want to _not_ install the
> framework.security provider and set felix.security.defaultpolicy=true
> (either as a -D property or as one passed to the felix constructor). That
> in turn will make it so that you _do_ get permission checks triggered from
> Felix as well as potentially from bundles which you can grant (or deny by
> omission, respectively) via your security policy.
>
> Otherwise, if you just don't want failing permission checks then, don't
> install the framework.security provider and _don't_ set
> felix.security.defaultpolicy.
> That will make it so that you _do_ get permission checks triggered from
> Felix as well as potentially from bundles but at least bundles will have
> AllPermission by default (hence, all you need to do in your policy is to
> give felix.jar and your external code that calls into Felix permissions).
>
> If, on the other hand, you don't want _any_ permission checks triggered by
> felix despite a security manage being around the answer is: no - thats not
> possible.
>
> regards,
>
> Karl
>
> On Wed, Sep 21, 2016 at 10:48 PM, Benson Margulies <ben...@basistech.com>
> wrote:
>
>> I'd like to run a Felix container as if it was just some ordinary
>> piece of an application inside of a security manager; I don't want any
>> security manager checks or behaviors from the container. Can I do
>> this, or does the container always interact with the SecurityManager
>> if there is one?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
>> For additional commands, e-mail: users-h...@felix.apache.org
>>
>>
>
>
> --
> Karl Pauls
> karlpa...@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
For additional commands, e-mail: users-h...@felix.apache.org

Reply via email to