Re: [equinox-dev] Problem with security in Equinox
This works for me. What VM are you using? I suggest you open a bug with
details on your OS and java version etc.
Tom
|>
| From: |
|>
>|
|"David Conde"
|
>|
|>
| To:|
|>
>|
|
|
>|
|>
| Date: |
|>
>|
|04/24/2009 07:17 AM
|
>|
|>
| Subject: |
|>
>|
|[equinox-dev] Problem with security in Equinox
|
>|
Hi,
I have been looking for documentation about make secure a bundle running on
Equinox Framework without using Eclipse.
I have tried to put ON the security features of Equinox typing the next
commands:
java
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager
-Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107.jar
-console
Previously I created text file called policy in which I had written :
grant {
permission java.security.AllPermission;
};
But when I do this I got the next Exception:
Errror occurred during initialization of VM:
java.lang.ExceptionInInitializerError
at java.lang.System.setSecurityManager0(Unknown Source)
at java.lang.System.setSecurityManager(Unknown Source))
at sun.misc.Launcher.(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at java.lang.ClassLoader.initSystemClassLoader(Unknown Source):
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)):
Caused by: java.security.AccessControlException: access denied
(java.security.Se
curityPermission getProperty.networkaddress.cache.ttl)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at
org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.int
ernalCheckPermission(FrameworkSecurityManager.java:119)
at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager
$Che
ckPermissionAction.run(FrameworkSecurityManager.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at
org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.che
ckPermission(FrameworkSecurityManager.java:90)
at
org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.che
ckPermission(FrameworkSecurityManager.java:219)
at java.security.Security.getProperty(Unknown Source)
at sun.net.InetAddressCachePolicy$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.InetAddressCachePolicy.(Unknown Source)
at java.lang.System.setSecurityManager0(Unknown Source)
at java.lang.System.setSecurityManager(Unknown Source))
at sun.misc.Launcher.(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at java.lang.ClassLoader.initSystemClassLoader(Unknown Source)
I do not have any idea about why I got this exception, I have looked for
that in Internet but there was no result
Any idea about this problem?
Thank you in advance
David
___
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev
<><>___
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev
RE: [equinox-dev] Problem with security in Equinox
Hi, I am using versión 1.6.0_07 on Windows XP. I will continue looking for a
mistake in my configuration before opening a bug.
Thanks
David
De: equinox-dev-boun...@eclipse.org [mailto:equinox-dev-boun...@eclipse.org]
En nombre de Thomas Watson
Enviado el: viernes, 24 de abril de 2009 16:59
Para: Equinox development mailing list
Asunto: Re: [equinox-dev] Problem with security in Equinox
This works for me. What VM are you using? I suggest you open a bug with
details on your OS and java version etc.
Tom
Inactive hide details for "David Conde" ---04/24/2009 07:17:52
AM---Hi,"David Conde" ---04/24/2009 07:17:52 AM---Hi,
From:
"David Conde"
To:
Date:
04/24/2009 07:17 AM
Subject:
[equinox-dev] Problem with security in Equinox
_
Hi,
I have been looking for documentation about make secure a bundle running on
Equinox Framework without using Eclipse.
I have tried to put ON the security features of Equinox typing the next
commands:
java
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSe
curityManager
-Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107.jar
-console
Previously I created text file called policy in which I had written :
grant {
permission java.security.AllPermission;
};
But when I do this I got the next Exception:
Errror occurred during initialization of VM
java.lang.ExceptionInInitializerError
at java.lang.System.setSecurityManager0(Unknown Source)
at java.lang.System.setSecurityManager(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at java.lang.ClassLoader.initSystemClassLoader(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
Caused by: java.security.AccessControlException: access denied
(java.security.Se
curityPermission getProperty.networkaddress.cache.ttl)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.int
ernalCheckPermission(FrameworkSecurityManager.java:119)
at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager$Che
ckPermissionAction.run(FrameworkSecurityManager.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.che
ckPermission(FrameworkSecurityManager.java:90)
at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.che
ckPermission(FrameworkSecurityManager.java:219)
at java.security.Security.getProperty(Unknown Source)
at sun.net.InetAddressCachePolicy$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.InetAddressCachePolicy.(Unknown Source)
at java.lang.System.setSecurityManager0(Unknown Source)
at java.lang.System.setSecurityManager(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at java.lang.ClassLoader.initSystemClassLoader(Unknown Source)
I do not have any idea about why I got this exception, I have looked for
that in Internet but there was no result
Any idea about this problem?
Thank you in advance
David
___
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev
<><><>___
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev
RE: [equinox-dev] Problem with security in Equinox
I got a solution for my problem, if I modify the common policy file in JVM
directory, instead of changing in my policy file (into my program
directory), and there I write:
grant {
permission java.security.AllPermission;
};
then If I launch Equinox with security parameters I do not get any exception
at all.
Java
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSe
curityManager
-Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107.jar
-console
Why do I have to modify in the JVR directory policy file instead of doing in
my policy file?
I mean , If I like to fix some permissions for my bundle I should not write
them in JVR Policy file but in my policy file.
Thanks in advance
De: equinox-dev-boun...@eclipse.org [mailto:equinox-dev-boun...@eclipse.org]
En nombre de Thomas Watson
Enviado el: viernes, 24 de abril de 2009 16:59
Para: Equinox development mailing list
Asunto: Re: [equinox-dev] Problem with security in Equinox
This works for me. What VM are you using? I suggest you open a bug with
details on your OS and java version etc.
Tom
Inactive hide details for "David Conde" ---04/24/2009 07:17:52
AM---Hi,"David Conde" ---04/24/2009 07:17:52 AM---Hi,
From:
"David Conde"
To:
Date:
04/24/2009 07:17 AM
Subject:
[equinox-dev] Problem with security in Equinox
_
Hi,
I have been looking for documentation about make secure a bundle running on
Equinox Framework without using Eclipse.
I have tried to put ON the security features of Equinox typing the next
commands:
java
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSe
curityManager
-Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107.jar
-console
Previously I created text file called policy in which I had written :
grant {
permission java.security.AllPermission;
};
But when I do this I got the next Exception:
Errror occurred during initialization of VM
java.lang.ExceptionInInitializerError
at java.lang.System.setSecurityManager0(Unknown Source)
at java.lang.System.setSecurityManager(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at java.lang.ClassLoader.initSystemClassLoader(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
Caused by: java.security.AccessControlException: access denied
(java.security.Se
curityPermission getProperty.networkaddress.cache.ttl)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.int
ernalCheckPermission(FrameworkSecurityManager.java:119)
at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager$Che
ckPermissionAction.run(FrameworkSecurityManager.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.che
ckPermission(FrameworkSecurityManager.java:90)
at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.che
ckPermission(FrameworkSecurityManager.java:219)
at java.security.Security.getProperty(Unknown Source)
at sun.net.InetAddressCachePolicy$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.InetAddressCachePolicy.(Unknown Source)
at java.lang.System.setSecurityManager0(Unknown Source)
at java.lang.System.setSecurityManager(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at sun.misc.Launcher.(Unknown Source)
at java.lang.ClassLoader.initSystemClassLoader(Unknown Source)
I do not have any idea about why I got this exception, I have looked for
that in Internet but there was no result
Any idea about this problem?
Thank you in advance
David
___
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev
<><><>___
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev
RE: [equinox-dev] Problem with security in Equinox
Hi,
I run equinox with my own policy, that looks like this:
grant codeBase
"file:/path_to_launcher_bundle/org.eclipse.equinox.launcher_1.0.100.v20080509-1800.jar"
{
permission java.util.PropertyPermission "*", "read, write";
permission java.io.FilePermission "<>", "read, write, delete";
permission java.lang.RuntimePermission "*";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission org.osgi.framework.ServicePermission "*","register,get";
permission org.osgi.framework.AdminPermission;
permission java.net.NetPermission "specifyStreamHandler";
permission org.osgi.service.application.ApplicationAdminPermission "*",
"lifecycle";
permission org.osgi.framework.PackagePermission "*","export,import";
permission org.osgi.framework.BundlePermission "*","provide,require";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.TEST";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.AuthPermission "getSubject";
permission java.security.SecurityPermission "getPolicy";
permission java.security.SecurityPermission "setPolicy";
};
grant codeBase "file:/path_to/workspace" {
permission java.io.FilePermission "<>", "read, write, delete";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "*";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission org.osgi.framework.ServicePermission "*","register,get";
permission org.osgi.framework.AdminPermission;
permission java.net.NetPermission "specifyStreamHandler";
permission org.osgi.service.application.ApplicationAdminPermission "*",
"lifecycle";
permission org.osgi.framework.PackagePermission "*","export,import";
permission org.osgi.framework.BundlePermission "*","provide,require";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.TEST";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.AuthPermission "getSubject";
};
As VM lauch arguments I gave:
-Djava.security.policy=${workspace_loc}/PluginName/data/test.policy
-Djava.security.manager
-Declipse.security=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager
What I further needed was the permissions.perm file in the OSGI-INF folder,
that contains the same information like the section for the launcher in the
policy file:
(java.io.FilePermission "<>" "read,write,delete")
(java.util.PropertyPermission "*" "read, write")
(java.lang.RuntimePermission "*")
(java.lang.reflect.ReflectPermission "suppressAccessChecks")
(org.osgi.framework.ServicePermission "*" "register,get")
(org.osgi.framework.AdminPermission)
(java.net.NetPermission "specifyStreamHandler")
(org.osgi.service.application.ApplicationAdminPermission "*" "lifecycle")
(org.osgi.framework.PackagePermission "*" "export,import")
(org.osgi.framework.BundlePermission "*" "provide,require")
(javax.security.auth.AuthPermission "modifyPrincipals")
(javax.security.auth.AuthPermission "createLoginContext.TEST")
(javax.security.auth.AuthPermission "doAsPrivileged")
(javax.security.auth.AuthPermission "setLoginConfiguration")
(javax.security.auth.AuthPermission "doAs")
(javax.security.auth.AuthPermission "getSubject")
(java.security.SecurityPermission "getPolicy")
(java.security.SecurityPermission "setPolicy")
Regards,
Mark
"David Conde" schrieb am 27.04.2009 09:32:16:
>
> I got a solution for my problem, if I modify the common policy file
> in JVM directory, instead of changing in my policy file (into my
> program directory), and there I write:
>
> grant {
> permission java.security.AllPermission;
> };
>
> then If I launch Equinox with security parameters I do not get any
> exception at all.
RE: [equinox-dev] Problem with security in Equinox
Hi again,
It is true, I changed the extension in my policy file and I do not already
need to change anything in the common JVM policy file.
Thanks for your replies
-Mensaje original-
De: equinox-dev-boun...@eclipse.org [mailto:equinox-dev-boun...@eclipse.org]
En nombre de Mark Hoffmann
Enviado el: lunes, 27 de abril de 2009 10:42
Para: Equinox development mailing list
Asunto: RE: [equinox-dev] Problem with security in Equinox
Hi,
I run equinox with my own policy, that looks like this:
grant codeBase
"file:/path_to_launcher_bundle/org.eclipse.equinox.launcher_1.0.100.v2008050
9-1800.jar" {
permission java.util.PropertyPermission "*", "read, write";
permission java.io.FilePermission "<>", "read, write,
delete";
permission java.lang.RuntimePermission "*";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission org.osgi.framework.ServicePermission "*","register,get";
permission org.osgi.framework.AdminPermission;
permission java.net.NetPermission "specifyStreamHandler";
permission org.osgi.service.application.ApplicationAdminPermission "*",
"lifecycle";
permission org.osgi.framework.PackagePermission "*","export,import";
permission org.osgi.framework.BundlePermission "*","provide,require";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.TEST";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.AuthPermission "getSubject";
permission java.security.SecurityPermission "getPolicy";
permission java.security.SecurityPermission "setPolicy";
};
grant codeBase "file:/path_to/workspace" {
permission java.io.FilePermission "<>", "read, write,
delete";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "*";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission org.osgi.framework.ServicePermission "*","register,get";
permission org.osgi.framework.AdminPermission;
permission java.net.NetPermission "specifyStreamHandler";
permission org.osgi.service.application.ApplicationAdminPermission "*",
"lifecycle";
permission org.osgi.framework.PackagePermission "*","export,import";
permission org.osgi.framework.BundlePermission "*","provide,require";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.TEST";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.AuthPermission "getSubject";
};
As VM lauch arguments I gave:
-Djava.security.policy=${workspace_loc}/PluginName/data/test.policy
-Djava.security.manager
-Declipse.security=org.eclipse.osgi.framework.internal.core.FrameworkSecurit
yManager
What I further needed was the permissions.perm file in the OSGI-INF folder,
that contains the same information like the section for the launcher in the
policy file:
(java.io.FilePermission "<>" "read,write,delete")
(java.util.PropertyPermission "*" "read, write")
(java.lang.RuntimePermission "*")
(java.lang.reflect.ReflectPermission "suppressAccessChecks")
(org.osgi.framework.ServicePermission "*" "register,get")
(org.osgi.framework.AdminPermission)
(java.net.NetPermission "specifyStreamHandler")
(org.osgi.service.application.ApplicationAdminPermission "*" "lifecycle")
(org.osgi.framework.PackagePermission "*" "export,import")
(org.osgi.framework.BundlePermission "*" "provide,require")
(javax.security.auth.AuthPermission "modifyPrincipals")
(javax.security.auth.AuthPermission "createLoginContext.TEST")
(javax.security.auth.AuthPermission "doAsPrivileged")
(javax.security.auth.AuthPermission "setLoginConfiguration")
(javax.security.auth.AuthPermission "doAs")
(javax.security.auth.AuthPermission "getSubject")
(java.security.SecurityPermission "getPolicy")
(java.security.SecurityPermission "setPolicy")
RE: [equinox-dev] Problem with security in Equinox
My guess is that you policy file is not getting read by the VM for some
reason. Try using an absolute path the the policy file.
Also note that your policy file is not used to manage the permissions of
the individual bundles installed into the framework. Bundle class loaders
use protection domains which are controlled by the Permission Admin and
Conditional Permission Admin services which are published by the framework.
You must use these OSGi services to control the permissions granted to
bundles.
Ultimately your policy file is only needed to grant AllPermissions to the
framework implementation.
Tom
|>
| From: |
|>
>|
|"David Conde"
|
>|
|>
| To:|
|>
>|
|"'Equinox development mailing list'"
|
>|
|>
| Date: |
|>
>|
|04/27/2009 02:32 AM
|
>|
|>
| Subject: |
|>
>----------------------------|
|RE: [equinox-dev] Problem with security in Equinox
|
>|
I got a solution for my problem, if I modify the common policy file in JVM
directory, instead of changing in my policy file (into my program
directory), and there I write:
grant {
permission java.security.AllPermission;
};
then If I launch Equinox with security parameters I do not get any
exception at all.,
Java -
Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager
-Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107.jar
–console
Why do I have to modify in the JVR directory policy file instead of doing
in my policy file?
I mean , If I like to fix some permissions for my bundle I should not
write them in JVR Policy file but in my policy file.
Thanks in advance
De: equinox-dev-boun...@eclipse.org [mailto:equinox-dev-boun...@eclipse.org
] En nombre de Thomas Watson
Enviado el: viernes, 24 de abril de 2009 16:59
Para: Equinox development mailing list
Asunto: Re: [equinox-dev] Problem with security in Equinox
This works for me. What VM are you using? I suggest you open a bug with
details on your OS and java version etc.
Tom
Inactive hide details for "David Conde" ---04/24/2009 07:17:52 AM---Hi,
"David Conde" ---04/24/2009 07:17:52 AM---Hi,
From: "David Conde"
To:
Date: 04/24/2009 07:17 AM
Subject: [equinox-dev] Problem with security in Equinox
Hi,
I have been looking for documentation about make secure a bundle running on
Equinox Framework without using Eclipse.
I have tried to put ON the security features of Equinox typing the nex
