Hi again, It is true, I changed the extension in my policy file and I do not already need to change anything in the common JVM policy file.
Thanks for your replies -----Mensaje original----- De: equinox-dev-boun...@eclipse.org [mailto:equinox-dev-boun...@eclipse.org] En nombre de Mark Hoffmann Enviado el: lunes, 27 de abril de 2009 10:42 Para: Equinox development mailing list Asunto: RE: [equinox-dev] Problem with security in Equinox Hi, I run equinox with my own policy, that looks like this: grant codeBase "file:/path_to_launcher_bundle/org.eclipse.equinox.launcher_1.0.100.v2008050 9-1800.jar" { permission java.util.PropertyPermission "*", "read, write"; permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete"; permission java.lang.RuntimePermission "*"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission org.osgi.framework.ServicePermission "*","register,get"; permission org.osgi.framework.AdminPermission; permission java.net.NetPermission "specifyStreamHandler"; permission org.osgi.service.application.ApplicationAdminPermission "*", "lifecycle"; permission org.osgi.framework.PackagePermission "*","export,import"; permission org.osgi.framework.BundlePermission "*","provide,require"; permission javax.security.auth.AuthPermission "modifyPrincipals"; permission javax.security.auth.AuthPermission "createLoginContext.TEST"; permission javax.security.auth.AuthPermission "doAsPrivileged"; permission javax.security.auth.AuthPermission "setLoginConfiguration"; permission javax.security.auth.AuthPermission "doAs"; permission javax.security.auth.AuthPermission "getSubject"; permission java.security.SecurityPermission "getPolicy"; permission java.security.SecurityPermission "setPolicy"; }; grant codeBase "file:/path_to/workspace" { permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete"; permission java.util.PropertyPermission "*", "read, write"; permission java.lang.RuntimePermission "*"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission org.osgi.framework.ServicePermission "*","register,get"; permission org.osgi.framework.AdminPermission; permission java.net.NetPermission "specifyStreamHandler"; permission org.osgi.service.application.ApplicationAdminPermission "*", "lifecycle"; permission org.osgi.framework.PackagePermission "*","export,import"; permission org.osgi.framework.BundlePermission "*","provide,require"; permission javax.security.auth.AuthPermission "modifyPrincipals"; permission javax.security.auth.AuthPermission "createLoginContext.TEST"; permission javax.security.auth.AuthPermission "doAsPrivileged"; permission javax.security.auth.AuthPermission "setLoginConfiguration"; permission javax.security.auth.AuthPermission "doAs"; permission javax.security.auth.AuthPermission "getSubject"; }; As VM lauch arguments I gave: -Djava.security.policy=${workspace_loc}/PluginName/data/test.policy -Djava.security.manager -Declipse.security=org.eclipse.osgi.framework.internal.core.FrameworkSecurit yManager What I further needed was the permissions.perm file in the OSGI-INF folder, that contains the same information like the section for the launcher in the policy file: (java.io.FilePermission "<<ALL FILES>>" "read,write,delete") (java.util.PropertyPermission "*" "read, write") (java.lang.RuntimePermission "*") (java.lang.reflect.ReflectPermission "suppressAccessChecks") (org.osgi.framework.ServicePermission "*" "register,get") (org.osgi.framework.AdminPermission) (java.net.NetPermission "specifyStreamHandler") (org.osgi.service.application.ApplicationAdminPermission "*" "lifecycle") (org.osgi.framework.PackagePermission "*" "export,import") (org.osgi.framework.BundlePermission "*" "provide,require") (javax.security.auth.AuthPermission "modifyPrincipals") (javax.security.auth.AuthPermission "createLoginContext.TEST") (javax.security.auth.AuthPermission "doAsPrivileged") (javax.security.auth.AuthPermission "setLoginConfiguration") (javax.security.auth.AuthPermission "doAs") (javax.security.auth.AuthPermission "getSubject") (java.security.SecurityPermission "getPolicy") (java.security.SecurityPermission "setPolicy") Regards, Mark "David Conde" <dco...@citic.es> schrieb am 27.04.2009 09:32:16: > > I got a solution for my problem, if I modify the common policy file > in JVM directory, instead of changing in my policy file (into my > program directory), and there I write: > > grant { > permission java.security.AllPermission; > }; > > then If I launch Equinox with security parameters I do not get any > exception at all. > > Java -Djava.security.manager=org.eclipse.osgi.framework.internal.core. > FrameworkSecurityManager > -Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107. > jar –console > > Why do I have to modify in the JVR directory policy file instead of > doing in my policy file? > > I mean , If I like to fix some permissions for my bundle I should not > write them in JVR Policy file but in my policy file. > > Thanks in advance > > De: equinox-dev-boun...@eclipse.org [mailto:equinox-dev-bounces@ > eclipse.org] *En nombre de *Thomas Watson > *Enviado el:* viernes, 24 de abril de 2009 16:59 > *Para:* Equinox development mailing list > *Asunto:* Re: [equinox-dev] Problem with security in Equinox > > This works for me. What VM are you using? I suggest you open a bug > with details on your OS and java version etc. > > Tom > > "David Conde" ---04/24/2009 07:17:52 AM---Hi, > > From: > > "David Conde" <dco...@citic.es> > > To: > > <equinox-dev@eclipse.org> > > Date: > > 04/24/2009 07:17 AM > > Subject: > > [equinox-dev] Problem with security in Equinox > > Hi, > > I have been looking for documentation about make secure a bundle > running on Equinox Framework without using Eclipse. > > I have tried to put ON the security features of Equinox typing the > next commands: > > java > -Djava.security.manager=org.eclipse.osgi.framework.internal.core. > FrameworkSecurityManager > -Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107. > jar -console > > Previously I created text file called policy in which I had written : > > grant { > permission java.security.AllPermission; > }; > > But when I do this I got the next Exception: > > Errror occurred during initialization of VM > java.lang.ExceptionInInitializerError > at java.lang.System.setSecurityManager0(Unknown Source) > at java.lang.System.setSecurityManager(Unknown Source) > at sun.misc.Launcher.<init>(Unknown Source) > at sun.misc.Launcher.<clinit>(Unknown Source) > at java.lang.ClassLoader.initSystemClassLoader(Unknown Source) > at java.lang.ClassLoader.getSystemClassLoader(Unknown Source) > Caused by: java.security.AccessControlException: access denied (java. > security.Se > curityPermission getProperty.networkaddress.cache.ttl) > at java.security.AccessControlContext.checkPermission(Unknown Source) > at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager. > int > ernalCheckPermission(FrameworkSecurityManager.java:119) > at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager$ > Che > ckPermissionAction.run(FrameworkSecurityManager.java:84) > at java.security.AccessController.doPrivileged(Native Method) > at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager. > che > ckPermission(FrameworkSecurityManager.java:90) > at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager. > che > ckPermission(FrameworkSecurityManager.java:219) > at java.security.Security.getProperty(Unknown Source) > at sun.net.InetAddressCachePolicy$1.run(Unknown Source) > at java.security.AccessController.doPrivileged(Native Method) > at sun.net.InetAddressCachePolicy.<clinit>(Unknown Source) > at java.lang.System.setSecurityManager0(Unknown Source) > at java.lang.System.setSecurityManager(Unknown Source) > at sun.misc.Launcher.<init>(Unknown Source) > at sun.misc.Launcher.<clinit>(Unknown Source) > at java.lang.ClassLoader.initSystemClassLoader(Unknown Source) > > I do not have any idea about why I got this exception, I have looked > for that in Internet but there was no result > > Any idea about this problem? > > Thank you in advance > > David > > _______________________________________________ > equinox-dev mailing list > equinox-dev@eclipse.org > https://dev.eclipse.org/mailman/listinfo/equinox-dev > > _______________________________________________ equinox-dev mailing > list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/ > > equinox-dev __________________________________________________________________________ Verschicken Sie SMS direkt vom Postfach aus - in alle deutschen und viele ausländische Netze zum gleichen Preis! https://produkte.web.de/webde_sms/sms _______________________________________________ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev _______________________________________________ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev