22/2011 08:42 PM, jamie campbell wrote:
I've scoured the felix user archives and came across interesting
threads from July 9, 2010 and Oct 4, 2010 on managing permissions
within OSGi.
My needs at the moment are quite simple : What I'm working on is still
in the early stages of development so I want everything to be able to
do everything. Am I correct in assuming that if I don't explicitly
load framework.security, then this is the case? Or, instead, without
framework.security do I end up with a default security model and no
ability to change it. I'm hoping there's a simple way to just Let
Programs Be Free without getting pulled into security complexity just
yet...
If you don't install the Framework Security Provider, then any bundle
can do whatever it wants because security is not being enforced.
From testing with Karaf, it seems that FileInstall has configuration
updating permission for other bundles without ever being explicitly
granted it (even though the OSGi spec says it needs it to be able to
do such operations), so I'm hoping that's a big hint that what I'm
hoping is true is actually true :)
Again, without the security provider installed and security not enabled,
then anyone can do anything. However, even if you install the security
provider and enable security, all bundles have AllPermission until
someone sets an initial security policy. After that, then bundles can
only do whatever they've been granted by the security policy that was
put in place.
-> richard
-Jamie
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
