Hi,
Firstly I thank you your replies.
I have tried with Equinox 3.5 (M7) jar, typing:
java -Declipse.security=osgi
-Djava.security.policy=policy.policy -jar org.eclipse.osgi_3.5.0.XXX.jar
–console
in console, and I don’t get any result, the command is launched
and no osgi environment (like osgi>) appears.
So I have thought because of I have to develop a custom Security
Manager, I mean, I firstly created a bundle called PermissionManager with
Activator class where I fixed in the start method the permission for another
bundle. I fixed ALLPermission for my bundle PermissionManager so that this could
have permission to fix other bundles’ permissions. Furthermore, I wrote a
BundleLocationCondition in order that just those bundles which have been stored
in the specified location written in the condition can get another Service. I
am supossing that If I write one permission for a bundle then, this bundle
would just have this permission (as the same way that happens with Local
Permission, if I fix a resource, then the bundle should have each permission
added). I mean, at the beggining, the bundles would have ALLPERMISSION, but if
I write a Conditional Permission, then ALL of Bundles have to add ALL
PERMISSION that they need, Am I wrong? Am I missing something?
Thank you very much in advance
David
De:
equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx] En
nombre de Thomas Watson
Enviado el: jueves, 07 de mayo de 2009 21:46
Para: Equinox development mailing list
Asunto: RE: [equinox-dev] Conditional Permission are not being checked
We renamed the security manager in Equinox 3.5.
You can use the eclipse.security property to specify the "type" of
security manager instead of specifying the complete class name. For example:
java -Declipse.security=osgi -Djava.security.policy=policy.policy -jar
org.eclipse.osgi_3.5.0.XXX.jar –console
We currently only support the "osgi" type. This will cause the
framework to set the security manager to its internal implementation. You don't
need to know the implementation class this way.
Tom
"David Conde" ---05/07/2009 04:07:56 AM---When
I try to launch Equinox v35 in the same way that I did before with version 34 I
am getting an Exception :
|
From:
|
"David Conde"
<dconde@xxxxxxxx>
|
|
To:
|
"'Equinox development mailing list'"
<equinox-dev@xxxxxxxxxxx>
|
|
Date:
|
05/07/2009 04:07 AM
|
|
Subject:
|
RE: [equinox-dev] Conditional Permission are
not being checked
|
When I try to launch Equinox v35 in the same way
that I did before with version 34 I am getting an Exception :
Error occurred during initialization of VM
java/lang/InternalError: Could not create SecurityManager:
org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager
Any idea?
Thanks in advance
De: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx]
En nombre de David Conde
Enviado el: jueves, 07 de mayo de 2009 10:39
Para: 'Equinox development mailing list'
Asunto: RE: [equinox-dev] Conditional Permission are not being checked
I am sorry, I found the new version 3.5 of Equinox
in http://www.eclipse.org/downloads/download.php?file=/equinox/drops/S-3.5M1-200808071402/org.eclipse.osgi_3.5.0.v20080804-1730.jar
So I will try with this one and I will write back
the results.
David
De: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx]
En nombre de David Conde
Enviado el: jueves, 07 de mayo de 2009 10:26
Para: 'Equinox development mailing list'
Asunto: RE: [equinox-dev] Conditional Permission are not being checked
Hi again, where I can get Equinox 3.5 I tried to
get from http://download.eclipse.org/equinox/drops/R-3.4.2-200902111700/index.php, but there is just to version 3.4 to download.
I do not know really the problem and If I am
missing something, I have a Permission Manager, who grant to itself
ALLPERMISSION, and in this bundle we fix a BundleLocationCondition in order
that my bundle
file:C:\\equinoxv34\\clientserviceconditional.jar is the only one who can Get the Service from
ServiceConditional. Am I wrong? What option do I have to write when I launch
Equinox in console way?
cpa.addConditionalPermissionInfo(
new ConditionInfo[]{
new ConditionInfo(
BundleLocationCondition.class.getName(),
new
String[]{"file:C:\\equinoxv34\\clientserviceconditional.jar"})
},
new PermissionInfo[]{
new PermissionInfo
(ServicePermission.class.getName(),"dconde.osgi.serviceconditional.ServiceConditional","GET")
});
Thank you very much in advance
De: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx]
En nombre de Thomas Watson
Enviado el: miércoles, 06 de mayo de 2009 18:52
Para: Equinox development mailing list
Asunto: Re: [equinox-dev] Conditional Permission are not being checked
Can you try this on 3.5? The OSGi R4.2
specification (implemented in Equinox 3.5) made a clarification about when the
default permissions from PermissionAdmin are used in the presence of the
ConditionalPermissionAdmin service.
The default default permissions for PermissionAdmin is AllPermissions. In
Equinox 3.4 we would fall back to the PermissionAdmin default permissions if
none of the conditions from the ConditionalPermissionAdmin table were satisfied
for a particular bundle. The OSGi R4.2 specification has been clarified such
that the PermissionAdmin default permissions are ONLY used if the condition
table is COMPLETELY empty. Once you add a single condition to the table then
bundles must not be granted the PermissionAdmin default permissions.
In 3.4 you should set the PermissionAdmin default permissions to a restricted
set of permissions or you could set another condition with
ConditionalPermissionAdmin which restricts the permissions for all bundle
locations.
Tom
"David Conde" ---05/06/2009
11:08:03 AM---Hi,
|
From:
|
"David Conde" <dconde@xxxxxxxx>
|
|
To:
|
<equinox-dev@xxxxxxxxxxx>
|
|
Date:
|
05/06/2009 11:08 AM
|
|
Subject:
|
[equinox-dev] Conditional Permission are not being checked
|
Hi,
I am trying to check Conditional Permssion Admin SErvice in Equinox. For this
reason, I create a Bundle consumer, another one called service and another
called PermissionManager who will implement the Conditional Permissions for the
consumer.
The problem is that I do not get any exception when I try to get the service
from another location different from my allowed one.
My PermissionManager implements BundleActivator and get the service
ConditionalPermissionAdmin from the framework in the start method, finally is
shown below:
private ConditionalPermissionAdmin cpa;
condPermRef =
context.getServiceReference(ConditionalPermissionAdmin.class.getName());
cpa
=(ConditionalPermissionAdmin) context.getService(condPermRef);
AccessController.doPrivileged(new
PrivilegedAction() {
public Object run() {
cpa.addConditionalPermissionInfo(new
ConditionInfo[]{
new ConditionInfo(BundleLocationCondition.class.getName(),
new
String[]{context.getBundle().getLocation()})
},
new PermissionInfo[]{
new PermissionInfo(
AllPermission.class.getName(), "", "")
});
cpa.addConditionalPermissionInfo(
new ConditionInfo[]{
new ConditionInfo(
BundleLocationCondition.class.getName(),
new
String[]{"file:C:\\equinoxv34\\clientserviceconditional.jar"})
},
new PermissionInfo[]{
new PermissionInfo
(ServicePermission.class.getName(),"dconde.osgi.serviceconditional.ServiceConditional","GET")
});
// Add other permissions
return null; // nothing to return
}
});
If I try to get the Service from another consumer in another location no
exception is thrown, and I do not really know what I am missing. What do I need
to apply Conditional Permission?
I am not applying as the same time Local Permission with permissions.perm, Does
this have something to do with my results?
I am launching Equinox in this way:
java
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager
-Djava.security.policy=policy.policy -jar org.eclipse.osgi_3.4.3.R34x_v20081215-1030.jar
–console
Any advice will be helpful
Thanks in advance
David
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
