On May 24, 2007, at 1:58 PM, Pierre Parrend wrote:
Hello,
for instance, I have the following command:
jamvm -Djava.security.manager -Djava.security.policy=conf/
java.policy -cp
bin/felix.jar: org.apache.felix.main.Main
(jamvm uses the Gnu classpath, with default configuration)
with following conf/java.policy file:
grant codeBase "/code/osgi-projects/sfelix/sfelix0.2.2/main/-" {
permission java.io.FilePermission "/home/pierre/.felix/
testSF", "read";
permission java.lang.RuntimePermission "exitVM";
};
which gives me following error:
Error creating bundle cache:
permission (java.io.FilePermission /home/pierre/.felix/testSF read)
not granted:
no protection domains
Could not create framework: java.security.AccessControlException:
permission
(java.lang.RuntimePermission exitVM ) not granted: no protection
domains
java.security.AccessControlException: permission
(java.lang.RuntimePermission
exitVM ) not granted: no protection domains
at
java.security.AccessControlContext.checkPermission
(AccessControlContext.java:149)
at java.security.AccessController.checkPermission
(AccessController.java:76)
at java.lang.SecurityManager.checkPermission
(SecurityManager.java:356)
at java.lang.SecurityManager.checkExit(SecurityManager.java:475)
at java.lang.Runtime.exit(Runtime.java:171)
at java.lang.System.exit(System.java:506)
at
org.apache.felix.framework.util.SecureAction$Actions.run
(SecureAction.java:843)
at java.security.AccessController.doPrivileged
(AccessController.java:195)
at org.apache.felix.framework.util.SecureAction.exit
(SecureAction.java:624)
at org.apache.felix.framework.Felix.start(Felix.java:276)
at org.apache.felix.main.Main.main(Main.java:208)
(executed platform is the Felix OSGi implementation, which work
well without the
security set)
One problem here is that Classpath still unfortunately uses a bogus
DefaultPolicy class for its policy, not the one that reads policy
files. You can force using the policy file reader by adding the option:
-Dpolicy.provider=gnu.java.security.PolicyFile
...I don't know why the default policy would reject the permission
checks, though, since (AFAIK) the default policy grants AllPermission.