Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] A few questions on ConditionalPermissionAdmin
That makes sense Tom.

Thank you,
Ali.

On 3/21/2011 12:16 PM, Thomas Watson wrote:

I have mislead you on the service permission. Keep in mind that a service permission is checked at runtime only and NOT at resolve time. Say Bundle X registers service Foo. At runtime, bundle X must have the proper ServicePermission or a security exception will be thrown when bundle X tries to register the Foo service. Service dependencies are do not influence if a bundle can be resolved or not and therefore service permissions are not checked at resolve time.

What I think you mean is that bundle X is not allowed to start if it is not granted the proper service permission. This is likely because the BundleActivator.start method for Bundle X is attempting to register the service Foo and this causes a SecurityException at start. Starting a bundle is a separate lifecycle operation from resolving a bundle. So in this case bundle X is allowed to resolve even though it is not granted the ServicePermission to do so.

Tom



Inactive hide details for Ali Naddaf ---03/21/2011 11:22:18 AM---Thank you Tom for your explanation. Although the behavior in 1Ali Naddaf ---03/21/2011 11:22:18 AM---Thank you Tom for your explanation. Although the behavior in 1 is still a bit strange for me (since, for example, if the very s


From:
Ali Naddaf <ali.naddaf@xxxxxxxxx>

To:
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>

Cc:
Thomas Watson/Austin/IBM@IBMUS

Date:
03/21/2011 11:22 AM

Subject:
Re: [equinox-dev] A few questions on ConditionalPermissionAdmin




Thank you Tom for your explanation. Although the behavior in 1 is still a bit strange for me (since, for example, if the very same bundle exports a service without having the permission to, it fails to resolve but on the same account, all its constraints are satisfied, in other words, in terms of exporting a package or a service, seem to be somewhat similar to each other but we have two different behaviors), I am fine since now I know what is going on and can move on. On the item 3, I will open an enhancement request.

Ali.

On 3/21/2011 10:39 AM, Thomas Watson wrote:
      1. In the case where the bundle does not have the proper export permission:

      The bundle is allowed to resolve because its own constraints have been satisfied. This allows the bundle to activate since it can resolve. The fact that the bundle is not actually allowed to export something does not prevent it from being able to resolve.

      2. and 3. I am not aware of any graphical tools to do this. Although 3. could be in the realm of PDE since this is editing the content of a bundle. You should consider opening a bug against PDE->UI for this (      https://bugs.eclipse.org/bugs/enter_bug.cgi?product=PDE)

      Tom



      Inactive hide details for Ali Naddaf ---03/21/2011 09:54:04 AM---Hello everyone.Ali Naddaf ---03/21/2011 09:54:04 AM---Hello everyone.

      From:
      Ali Naddaf <ali.naddaf@xxxxxxxxx>

      To:
      Equinox development mailing list <equinox-dev@xxxxxxxxxxx>

      Date:
      03/21/2011 09:54 AM

      Subject:
      [equinox-dev] A few questions on ConditionalPermissionAdmin



      Hello everyone.

      I recently started playing with the ConditionalPermissionAdmin and local
      permissions in Equinox. Here are a few questions I ran into:

      1. As a simple test, I wrote a trivial bundle that does nothing except
      exporting a package. I noticed that if I do not explicitly state the
      PackageAdmin permission for the exported package, still my bundle comes
      up without any issue. To make sure I was setting things up correctly, I
      also tried to export a service from the same bundle without giving the
      ServicePermission in my local permissions and that failed so the setup
      seems to  be right but for some reason, even though I have the Export
      clause in my manifest and no PackagePermission in my local permissions,
      still the bundle comes up fine. In other words, commenting or
      uncommenting the following line in my permissions.perm didn't make any
      difference :

      # ( org.osgi.framework.PackagePermission "com.acme.osgi.client1"
      "IMPORT,EXPORT" )   # com.acme.osgi.client1 is the package that I was
      exporting

      2. Is there a graphical tool that can inspect a bundle for its local
      permissions, so that an operator can use that to see what sort of
      permissions are being requested? I know it is easy to open a jar file
      and look at the permissions.perm there but it seems like something that
      may already have a tool done by someone.

      3. Is there a graphical interface (even as an eclipse plugin or so) to
      help developers create their local permissions in the permissions.perm?
      It is easy to make a syntax error there, so again it sounds to me like
      something that can benefit from a more graphically oriented tool.

      Many thanks
      Ali.
      _______________________________________________
      equinox-dev mailing list
      equinox-dev@xxxxxxxxxxx
      https://dev.eclipse.org/mailman/listinfo/equinox-dev




      _______________________________________________
      equinox-dev mailing list
      equinox-dev@xxxxxxxxxxx
      https://dev.eclipse.org/mailman/listinfo/equinox-dev
      _______________________________________________
      equinox-dev mailing list
      equinox-dev@xxxxxxxxxxx
      https://dev.eclipse.org/mailman/listinfo/equinox-dev



_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev

Back to the top