Hello. When the org.osgi.framework.security property is set to "osgi", Felix will install the standard SecurityManager. If a security manager is already installed and this property is set, Felix will throw an exception on startup.
The standard J2SE security manager has historically been missing a
couple of extra checks that can control the creation of threads. An
updated security manager that adds in these missing checks is trivial:
public final class ExtraSecurityManager extends SecurityManager
{
ExtraSecurityManager()
{
}
@Override public void checkAccess(
final @Nullable Thread t)
{
this.checkPermission(new RuntimePermission("modifyThread"));
}
@Override public void checkAccess(
final @Nullable ThreadGroup g)
{
this.checkPermission(new RuntimePermission("modifyThreadGroup"));
}
}
With the above, code needs the given RuntimePermission values to
create or stop threads.
However... If an application installs an instance of
ExtraSecurityManager before starting Felix, an exception will be thrown
as mentioned above. This can be worked around by simply _not_ setting
the org.osgi.framework.security property. Are there any other
consequences for not setting this property? Is there a better way to
tell Felix that we want a custom security manager?
M
pgpcv5A4aMqU6.pgp
Description: OpenPGP digital signature
