Thank you for your answer,
Finally I found my problem, my problem was that my custom
permission implementatation was not right, so I took UserManagerPermission as a
reference and I implemented again my custom permission class similar to
UserManagerPermission one, then If I just set the permissions in
permissions.perm file everything works fine.
Thanks
De:
equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx] En
nombre de Thomas Watson
Enviado el: martes, 08 de septiembre de 2009 15:20
Para: Equinox development mailing list
Asunto: Re: [equinox-dev] Problem with custom local permissions
This should be possible. But keep in mind that
the local permissions in OSGi are a way to restrict a bundle to a particular
set of permissions regardless of what permissions have been granted to the
bundle from the PermissionAdmin or ConditionalPermissionAdmin. Have you made
any calls to PermissionAdmin or ConditionalPermissionAdmin to manage bundle
permissions? If so, have you granted the bundles your custom permission or
AllPermissions? Even though you specified the permission in a bundle's local
permission, the bundle will not actually have that permission unless you also
make sure it is granted the permission from one of the permission admin
services. Keep in mind that if you have not made any calls to the permission
admin services then the default default permissions for all bundles is
AllPermissions.
Also keep in mind that the protection domains for the bundles are controlled
exclusively by the Framework's PermissionsAdmin and ConditionalPermissionAdmin.
The policy file you use is only to grant permission to code running outside of
a bundle class loader. Typically you need to grant AllPermissions to the
Framework implementation which it looks like you have done.
Tom
dconde---09/06/2009 02:10:40 PM---Hi again,
|
From:
|
dconde@xxxxxxxx
|
|
To:
|
"Equinox development mailing list"
<equinox-dev@xxxxxxxxxxx>
|
|
Date:
|
09/06/2009 02:10 PM
|
|
Subject:
|
Re: [equinox-dev] Problem with custom local
permissions
|
Hi again,
Maybe what I am trying to do which was explained in my previous thread is
not possible. I would like to know if it is possible to specify custom
permissions as local permission setting them in permission.perm file or do
I have to specify them by program in the same way as conditional
permissions?
I have created a custom permission class called MyPermission class which
extends from java.security.Permission and I have tried set them in a
permissions.perm file as local permissions, is this possible?
Thank you in advance
> Hi,
>
> I did not write any bundle which neither reads the permissions nor
parses
> the text into PermissionInfo. I supposed that I could work in the same
way
> that I worked with other permissions different to custom permissions,
I
> mean , I created a policy.policy file where I set ALLPermissions
>
> grant {
> permission java.security.AllPermission;
> };
>
> then I launched Equinox with SecurityManager in the command line
>
>
>
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSe
> curityManager
> -Djava.security.policy=policy
>
> and placed the OSGI-INF folder with permissions.perm file into the
bundle
> directory, what I do not understand is why I have to do what you
explained
> me if I did not do when I did not use custom permissions. I mean, are
> custom permission dealed in different way as ServicePermission or
> FilePermission?
>
>
> I have done some tests with local permissions without using custom
> permissions and I did not have to create any bundle which read the
> permissions.perm file nor parse the text into PermissionInfo.
>
> Is there some example about how I have to do this?
>
> Thank you in advance
>
>
>> Have you written (or installed) a bundle which reads the
>> permissions.perm
>> file, parses the text into PermissionInfos and calls either
>> PermissionAdmin or ConditionalPermissionAdmin to set the
permissions of
>> the bundle?
>>
>> permissions.perm files are not read by the framework. You need s
>> security
>> policy bundle installed (for example, as I describe above) to set
bundle
>> permissions. The framework is policy free.
>> --
>>
>> BJ Hargrave
>> Senior Technical Staff Member, IBM
>> OSGi Fellow and CTO of the OSGi Alliance
>> hargrave@xxxxxxxxxx
>>
>> office: +1 386 848 1781
>> mobile: +1 386 848 3788
>>
>>
>>
>>
>> From:
>> "David Conde" <dconde@xxxxxxxx>
>> To:
>> "'Equinox development mailing list'"
<equinox-dev@xxxxxxxxxxx>
>> Date:
>> 2009/09/04 07:59
>> Subject:
>> [equinox-dev] Problem with custom local permissions
>> Sent by:
>> equinox-dev-bounces@xxxxxxxxxxx
>>
>>
>>
>> Hi,
>>
>> I have the next scenario:
>> Bundle Service which has a method called addVALUE as shown:
>>
>> public boolean addValue(String key, Object value) {
>>
>> SecurityManager security
= System.getSecurityManager();
>> if (security != null) {
>>
security.checkPermission(new
>> PlatformConfigurationPermission(
>>
PlatformConfigurationPermission.WRITE_VALUE));
>> }
>>
>> }
>>
>> The problem is that other bundle called consumer which
has the next
>> permissions.perm file, tries to call this method getting the
Security
>> Exception shown below:
>>
>> #TestPlatformConfiguration Permissions File
>> (java.io.FilePermission "C:\TestingLog3.log"
"write")
>> (es.citic.osgi.system.platformConfiguration.PlatformConfigurationPermission
>> "PlatformConfigurationPermission"
"writeValue")
>>
>>
>> The Exception which was got is:
>> Java.security.AccessControlException: Access denied
>>
(es.citic.osgi.system.platformConfiguration.PlatoformConfigurationPermission
>> PlatformConfigurationPermission writeValue)
>>
>>
>> My PlatformConfigurationPermission class extends from Permission.
>>
>> What am I missing in this implementation?
>>
>> It looks like as does not recognice what I am writing in the
>> permission.perm file.
>>
>> Any idea
>>
>> Thank you in advance
>>
>> David_______________________________________________
>> equinox-dev mailing list
>> equinox-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/equinox-dev
>>
>> _______________________________________________
>> equinox-dev mailing list
>> equinox-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/equinox-dev
>>
>
>
> _______________________________________________
> equinox-dev mailing list
> equinox-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/equinox-dev
>
>
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
