Karl,
Thanks for the info.
As I have a Safari Books subscription, I checked back and skimmed chapter 14 and found it to be a
very good coverage of the security system.
Do you get paid for each read of your book in Safari Books Online :-) ?
I will work my way through the info presented,
Regards
Paul
On 15/04/2016 8:33 PM, Karl Pauls wrote:
Hi,
Any of the tutorial/slideshare/examples etc. I could find are very old.
there are some examples that should still work here:
https://github.com/mcculls/osgi-in-action/tree/master/chapter14/combined-example
Is OSGi security being used currently or is there a new preferred approach?
It is used but not too much.
When attempting to use the felix framework security bundle it is unclear
what happens with the jvm security manager.
It is not unclear if you look at the Spec :-)
From
http://felix.apache.org/documentation/subprojects/apache-felix-framework-security.html
it seems that a securitymanager is not necessary.
It is, however, -Dorg.osgi.framework.security="osgi" will set a default
security manager automagically (as per the spec).
If the felix bundle is used without setting a security manager
System.getSecurityManager() returns null.
Well, yes - if there is no SecurityManager there is no SecurityManager.
Again, if the framework is started with
-Dorg.osgi.framework.security="osgi" it will set a default one. As a
special Felix feature, you can specify your own SecurityManager by either
setting it the normal Java way (in which case you have to _not_
specific -Dorg.osgi.framework.security="osgi") or iirc, set
-Dorg.osgi.framework.security="<security-manager-classname-in-the-framework-classpath".
Is it intended that the felix bundle needs a security manager set?
The felix.framework.security bundle doesn't need a security manager as such
(iirc). However, the framework itself will not instigate permission checks
unless there is a SecurityManager set (hence, having the security bundle
around is rather pointless in that case).
Any assistance in this area, which seems to be bypassed by many OSGi
developers, would be most appreciated.
Yeah, it is not used that much - I guess part of the problem is a bit of a
catch-22 but although, it probably only makes sense if you really need it
(as security in Java in general is a bit of a PITA). Probably your best
bet on material is the spec itself and the examples/book above. Feel free
to ask questions on this list as well - I'll try to answer them...
regards,
Karl
Regards
Paul Fraser
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
