|
|
|
| Re: Security Manager + Virgo [message #906483 is a reply to message #906476] |
Sat, 01 September 2012 12:22   |
 Borislav Kapukaranov
Messages: 80
Registered: September 2010 |
Member |
|
|
The OSGi Security Manager is mostly an extension to the plain Java Security Manager - giving you more permissions to work with and is plugged into the lifecycle of bundles. To fully enable all intended security features the specification requires the Framework to install own Security Manager. Maybe I should have used the more correct Equinox Security Manager rather than OSGi Security Manager. 
By default it works a bit differently. Just enabling it won't actually do anything - by default it gives least restrictive access and everyone gets all permission in contrast to the plain Java Security Manager where the default is no permission. In the link I posted I also put some examples. One of them is essential for making the OSGi permissions work - the security agent. It manages the Conditional Permission Admin OSGi Service which takes care of applying the permissions to everyone in the framework. You can read more about it in the OSGi compendium specification.
What I'm trying to say is that if you want this to work smoothly you may want to stick to the intended by the Equinox framework creators usage of the Equinox Security. The two properties you used are there to set tell the Equinox framework to enable its built-in security manager. In your code you seem to override that and set your own manager - I expect you'll have hard time making any custom security manager work with the framework, because it won't be integrated with the Permission Admin services and won't be able to apply the permissions to bundles or apps. It's possible it would also work the plain Java way and by default grant no permission which would explain why you have many errors in the logs.
I'd recommend to try out the examples in the link I posted and try to model your requirements using similar approach. It sounds to me as the shortest path to get it working.
Best Regards
Bobby
[Updated on: Sat, 01 September 2012 12:23] Report message to a moderator |
|
|
| Re: Security Manager + Virgo [message #907111 is a reply to message #906483] |
Mon, 03 September 2012 06:09 |
eugene rabii
Messages: 13
Registered: February 2012 |
Junior Member |
|
|
Hello Bobby,
This definitely brings some light. Thank You.
Nevertheless, the problem persists.
I have been reading the OSGi in Action about security and while I see there a lot of ways to secure bundles, actually secure bundle specific things, I can't see a way to secure a call to System.exit without providing my own implementation of the SecurityManager.
I can't see a way to be able to block System.exit calls.
There are ways to secure BUNDLE-SPECIFIC operations, I agree, but I can't see the same for the System.exit calls.
I thought that may be osgi.policyFile will help, but no matter what I do (I did put it path) and added it to the dmk.sh file, I keep getting :
ClassNotFoundException without any other additional info. Fun!
Any help?
Thank You,
Eugene.
[Updated on: Mon, 03 September 2012 11:07] Report message to a moderator |
|
|
Powered by
FUDForum. Page generated in 0.01814 seconds
] 
Search
Help
Register
Login
Home
