Hi Sander,
For the practical part, there is a start in this thread:
http://www.mail-archive.com/[email protected]/msg07766.html
As is said there, static permissions cannot handle the dynamic code
that bundles are. OSGi introduced a security layer to perform those
dynamic checks.
As for static permissions, you can grant specific permissions
(classical ones + some OSGi-specific permissions) to specific bundles
(by code location or by bundle signer, as for static perms). You can
also deny some permissions, which isn't possible with classical Java
perms.
In your case, you just have to grant permissions regarding their code
location.
Hope that helps,
François
Sander de Groot <[email protected]> wrote:
Hi,
After some research about security in OSGi I've found that it is
fairly difficult to find examples of how permissions are set.
The following resources proved to be useful:
- http://www.mail-archive.com/[email protected]/msg05090.html
- http://www.osgi.org/download/r4v41/r4.core.pdf
- http://felix.apache.org/site/presentations.data/Building%20Secure%20OSGi%20Applications%20Workshop.pdf
Each of the links above contains a lot of theory but nothing practical really.
My goal is fairly simple: I have got multiple bundles of a specific
category (web applications); each of these web applications has its
own 'home' directory. I want Felix to limit their file system access
to this home directory only and, if necessary, a few other
specifically assigned directories.
My question: how can I achieve this permission scheme?
Related questions:
* Is specifying permissions limited to specific boundaries? (like:
bundlename, should the bundle specify its own permissions, etc.)
* How can I discriminate different 'categories'/'types' of bundles?
* What about signing the bundles? Is this necessary, how to and why?
Before, I used to create my own SecurityManager, which would limit
the application programmatically. I don't mind using files or some
other way, but I'd like to be in full control.
Is this possible, and if so, can you point me to (or provide me with) some examples?
Regards,
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
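
An added example, not part of the original thread and not code from Felix: a policy bundle that uses the standard ConditionalPermissionAdmin service to confine one web application bundle to its home directory by install location, with a DENY row showing the "deny" case mentioned in the reply. The class name, row names, install location and directory paths are constructed sample values; it assumes the OSGi Core 4.2 or later API and a framework started with security enabled.

```java
import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;

/** Hypothetical policy bundle; its own code needs AllPermission to edit the table. */
public class WebappPolicyActivator implements BundleActivator {
    static final String LOC = "org.osgi.service.condpermadmin.BundleLocationCondition";

    /** One table row: ACCESS { [location condition] (permissions...) } "row name". */
    static String row(String access, String name, String location, String... perms) {
        StringBuilder sb = new StringBuilder(access).append(" { [").append(LOC)
                .append(" \"").append(location).append("\"]");
        for (String p : perms) sb.append(" (").append(p).append(')');
        return sb.append(" } \"").append(name).append('"').toString();
    }

    public void start(BundleContext ctx) {
        ServiceReference ref = ctx.getServiceReference(ConditionalPermissionAdmin.class.getName());
        if (ref == null) throw new IllegalStateException("ConditionalPermissionAdmin not available");
        ConditionalPermissionAdmin cpa = (ConditionalPermissionAdmin) ctx.getService(ref);

        // Constructed sample values: install location pattern and home directory.
        String webappA = "file:/opt/felix/webapps/app-a/*";
        String homeA = "/srv/webapps/app-a";

        String[] rows = {
            // Keep this bundle able to change the policy later.
            row("ALLOW", "policy-admin", ctx.getBundle().getLocation(), "java.security.AllPermission"),
            // Rows are checked in order, so the DENY must precede the ALLOW it narrows.
            row("DENY", "app-a-conf-readonly", webappA,
                "java.io.FilePermission \"" + homeA + "/conf/-\" \"write,delete\""),
            // "<dir>" is the directory itself, "<dir>/-" everything below it, recursively.
            row("ALLOW", "app-a-home", webappA,
                "java.io.FilePermission \"" + homeA + "\" \"read\"",
                "java.io.FilePermission \"" + homeA + "/-\" \"read,write,delete\"",
                "org.osgi.framework.PackagePermission \"*\" \"import\""),
        };

        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
        table.clear();
        for (String r : rows) table.add(cpa.newConditionalPermissionInfo(r));
        if (!update.commit()) throw new IllegalStateException("permission table changed concurrently");
    }

    public void stop(BundleContext ctx) { }
}
```

Once the table holds rows, a bundle matched by no ALLOW row is refused every permission, so infrastructure bundles (shell, HTTP service and so on) need rows of their own. A second web application gets its own DENY/ALLOW pair with its own location pattern and home directory.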