The spec, in 9.10, explains the relation between CPA and PA, and states "The default conditions of Permission Admin are therefore never used when Conditional Permission Admin is present." (last sentence of next to last paragraph).
From your explanation below I get the impression that default conditions still have an influence.
In short my interpretation, when CPA and PA are present, is that: - PA's default permissions get ignored completely - PA's location bound permissions, if present, should be used (in which case, the CPA is completely ignored) - CPA's permissions should be used in all other cases.
What do you think?
Greetings, Marcel
On Feb 7, 2008, at 15:26 , Thomas Watson wrote: Equinox does not have a way to run with ConditionalPermissionAdmin but without PermissionAdmin. But you can get equivalent behavior by setting the default permissions in PermissionAdmin to an empty array (i.e. permAdmin.setDefaultPermissions(new PermissionInfo[0])). If you don't do this then the "default default" permissions for permission admin is AllPermissions.
This will allow you to control all the permissions with ConditionalPermissionAdmin and the permission checks will not fall back to the default permissions in PermissionAdmin.
Tom
<graycol.gif>Marcel Offermans ---02/07/2008 06:20:22 AM---The OSGi security model started out with the Permission Admin service.
<ecblank.gif>
From: | <ecblank.gif>
Marcel Offermans <marcel.offermans@xxxxxxxxxx> | <ecblank.gif>
To: | <ecblank.gif>
Equinox development mailing list <equinox-dev@xxxxxxxxxxx> | <ecblank.gif>
Date: | <ecblank.gif>
02/07/2008 06:20 AM | <ecblank.gif>
Subject: | <ecblank.gif>
[equinox-dev] Support for launching with just (Conditional) Permission Admin? |
The OSGi security model started out with the Permission Admin service.
Lateron, the Conditional Permission Admin was added. Frameworks are
allowed to publish:
- none of these services (the default, no security is active);
- just Permission Admin (the "older" model);
- just Conditional Permission Admin (encouraged, the "new way" to do
it);
- both Permission Admin and Conditional Permission Admin (most
compatible option, with some special restrictions).
My question: I can run both without and with both services published,
but does equinox also allow me to run with just PermissionAdmin or
ConditionalPermissionAdmin? If so, how?
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
|
