That makes sense Tom.
Thank you,
Ali.
On 3/21/2011 12:16 PM, Thomas Watson wrote:
I have mislead you on the service permission. Keep in mind that
a service permission is checked at runtime only and NOT at
resolve time. Say Bundle X registers service Foo. At runtime,
bundle X must have the proper ServicePermission or a security
exception will be thrown when bundle X tries to register the Foo
service. Service dependencies are do not influence if a bundle
can be resolved or not and therefore service permissions are not
checked at resolve time.
What I think you mean is that bundle X is not allowed to start
if it is not granted the proper service permission. This is
likely because the BundleActivator.start method for Bundle X is
attempting to register the service Foo and this causes a
SecurityException at start. Starting a bundle is a separate
lifecycle operation from resolving a bundle. So in this case
bundle X is allowed to resolve even though it is not granted the
ServicePermission to do so.
Tom
Ali
Naddaf ---03/21/2011 11:22:18 AM---Thank you Tom for your
explanation. Although the behavior in 1 is still a bit strange
for me (since, for example, if the very s

From: |

Ali Naddaf <ali.naddaf@xxxxxxxxx> |

To: |

Equinox development mailing list
<equinox-dev@xxxxxxxxxxx> |

Cc: |

Thomas Watson/Austin/IBM@IBMUS |

Date: |

03/21/2011 11:22 AM |

Subject: |

Re: [equinox-dev] A few questions on
ConditionalPermissionAdmin |
Thank you Tom for your explanation. Although the
behavior in 1 is still a bit strange for me (since, for example,
if the very same bundle exports a service without having the
permission to, it fails to resolve but on the same account, all
its constraints are satisfied, in other words, in terms of
exporting a package or a service, seem to be somewhat similar to
each other but we have two different behaviors), I am fine since
now I know what is going on and can move on. On the item 3, I
will open an enhancement request.
Ali.
On 3/21/2011 10:39 AM, Thomas Watson wrote:
1. In the case where the bundle does not have
the proper export permission:
The bundle is allowed to resolve because its own constraints
have been satisfied. This allows the bundle to activate
since it can resolve. The fact that the bundle is not
actually allowed to export something does not prevent it
from being able to resolve.
2. and 3. I am not aware of any graphical tools to do this.
Although 3. could be in the realm of PDE since this is
editing the content of a bundle. You should consider opening
a bug against PDE->UI for this (https://bugs.eclipse.org/bugs/enter_bug.cgi?product=PDE)
Tom
Ali Naddaf ---03/21/2011 09:54:04
AM---Hello everyone.
Hello everyone.
I recently started playing with the
ConditionalPermissionAdmin and local
permissions in Equinox. Here are a few questions I ran
into:
1. As a simple test, I wrote a trivial bundle that does
nothing except
exporting a package. I noticed that if I do not explicitly
state the
PackageAdmin permission for the exported package, still my
bundle comes
up without any issue. To make sure I was setting things up
correctly, I
also tried to export a service from the same bundle
without giving the
ServicePermission in my local permissions and that failed
so the setup
seems to be right but for some reason, even though I have
the Export
clause in my manifest and no PackagePermission in my local
permissions,
still the bundle comes up fine. In other words, commenting
or
uncommenting the following line in my permissions.perm
didn't make any
difference :
# ( org.osgi.framework.PackagePermission
"com.acme.osgi.client1"
"IMPORT,EXPORT" ) # com.acme.osgi.client1 is the package
that I was
exporting
2. Is there a graphical tool that can inspect a bundle for
its local
permissions, so that an operator can use that to see what
sort of
permissions are being requested? I know it is easy to open
a jar file
and look at the permissions.perm there but it seems like
something that
may already have a tool done by someone.
3. Is there a graphical interface (even as an eclipse
plugin or so) to
help developers create their local permissions in the
permissions.perm?
It is easy to make a syntax error there, so again it
sounds to me like
something that can benefit from a more graphically
oriented tool.
Many thanks
Ali.
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
|