Thanks, that does answer my question.
On Wed, Sep 21, 2016 at 5:17 PM, Karl Pauls <[email protected]> wrote: > I guess I'm not 100% sure I understand what you are asking exactly. Let me > first try to explain what the different options are and then try to answer > what I think you are asking. > > If there is a security manager installed the framework will do permission > checks where the spec mandates it. However, assuming you didn't install the > framework.security provider, all bundles will have AllPermission by default > -- except, if you have set felix.security.defaultpolicy=true. In that > case, your security policy will be consulted for bundles as well. > > Hence, if you want behavior just as some ordinary library in an application > with a security manager you probably want to _not_ install the > framework.security provider and set felix.security.defaultpolicy=true > (either as a -D property or as one passed to the felix constructor). That > in turn will make it so that you _do_ get permission checks triggered from > Felix as well as potentially from bundles which you can grant (or deny by > omission, respectively) via your security policy. > > Otherwise, if you just don't want failing permission checks then, don't > install the framework.security provider and _don't_ set > felix.security.defaultpolicy. > That will make it so that you _do_ get permission checks triggered from > Felix as well as potentially from bundles but at least bundles will have > AllPermission by default (hence, all you need to do in your policy is to > give felix.jar and your external code that calls into Felix permissions). > > If, on the other hand, you don't want _any_ permission checks triggered by > felix despite a security manage being around the answer is: no - thats not > possible. > > regards, > > Karl > > On Wed, Sep 21, 2016 at 10:48 PM, Benson Margulies <[email protected]> > wrote: > >> I'd like to run a Felix container as if it was just some ordinary >> piece of an application inside of a security manager; I don't want any >> security manager checks or behaviors from the container. Can I do >> this, or does the container always interact with the SecurityManager >> if there is one? >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > > -- > Karl Pauls > [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
