[
https://issues.apache.org/jira/browse/ARIES-497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
John Ross closed ARIES-497.
---------------------------
Resolution: Not A Problem
Closing as no longer relevant. Security requirements have been defined by the
subsystems specification and implemented.
> Subsystem-scope: some prototype work for java security
> ------------------------------------------------------
>
> Key: ARIES-497
> URL: https://issues.apache.org/jira/browse/ARIES-497
> Project: Aries
> Issue Type: Improvement
> Components: Subsystem
> Reporter: Lin Sun
> Assignee: Lin Sun
> Priority: Minor
>
> I have done some prototype work for for subsystem with java security. The
> idea is when security manager is turned on, we want to allow the subsystem to
> have some sort of default permissions (default allows and denys).
> I haven't really gotten the piece of work working but I thought I should
> check what I have. Here is what it is able to do:
> 1. added default allows and denys for scope when each of the scope is
> created. If the scope provides its own permission file, this file needs to
> be read. (TBD).
> 2. added itests for these. Unfortunately itests are not passing yet, but I
> was able to turn on security w/ equinox and run through the itests. The
> itests currently failed when scopeUpdateImpl is trying to register the
> scopeadmin service in the service registry but didn't have permission to do
> so. It seems I am not configuring the permission correctly for the
> subsystem.scope.impl bundle. I thought I should check in what I have for
> now. The tests of course pass when security is off.
> <error message="access denied (org.osgi.framework.ServicePermission
> org.apache.aries.subsystem.scope.ScopeAdmin register)"
> type="java.security.AccessControlException">java.security.AccessControlException:
> access denied (org.osgi.framework.ServicePermission
> org.apache.aries.subsystem.scope.ScopeAdmin register)
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
> at
> org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
> at
> org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88)
> at
> org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186)
> at
> org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.checkRegisterServicePermission(ServiceRegistry.java:1021)
> at
> org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:200)
> at
> org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:429)
> at
> org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:447)
> at
> org.apache.aries.subsystem.scope.impl.ScopeUpdateImpl.commit(ScopeUpdateImpl.java:164)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
