ace-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Willem Janssen <janwillem.jans...@luminis.eu>
Subject Re: ACE parts and security
Date Thu, 16 Jun 2016 09:27:52 GMT
Hi,

> On 15 Jun 2016, at 22:46, Jorge Martín Cuervo <jorge@martincuervo.com> wrote:
> 
> I have several questions:
> 
> - Despite I have successfully run the 5 mins getting started demo with the
> server-allinone, I suppose production environments divide the installation
> into an instance of the OBR, other for the server and finally one for the
> client. I was trying to configure every piece but I did not manage. I think
> it was mainly because the configuration files, do you have documented each
> of the configuration files or should I go through the source code?

I do not think there’s such documentation. However, I did test the distributed
setup a little while ago with success. I can write something down on how to do
this. I’ll get back on this.

> - I have also seen several exception when I run OBR, server and client:
> gosh: java.lang.IllegalStateException: session is closed
> gosh: stopping framework
> gogo: IllegalStateException: Invalid BundleContext.
> java.lang.IllegalStateException: Invalid BundleContext.
>        at
> org.apache.felix.framework.BundleContextImpl.checkValidity(BundleCont
> extImpl.java:511)
> This does not seem to block the execution.

Interesting. This exception most often is caused by a) some code retaining a
bundle context too long (ignoring the bundle lifecycle events). Can you
elaborate a bit on the details of your setup: how are you running the OBR,
server and client and do you perhaps have steps to reproduce this exception?

> - In the target environments, I was trying to limit the usage of bundles
> signed by me. I have tried to have a prototype only with Felix but despite
> I have followed these instructions, no success:
> 
> http://felix.apache.org/documentation/subprojects/apache-felix-framework-security.html
> 
> I have put this content in the policy file:
> 
> allow {
> [org.osgi.service.condpermadmin.BundleSignerCondition "*" ]
> (java.security.AllPermission)
> } "all_signed"
> 
> java.security.policy: error parsing
> file:/C:/dev/felix-framework-5.4.0/all.policy:
>        line 1: expected [;], found [allow]
> ERROR: Error creating bundle cache. (java.security.AccessControlException:
> acces
> s denied ("java.io.FilePermission" ".\felix-cache" "read"))
> 
> Syntax seem to be fine to me, I have check the OSGi 5 spec (50.2.5)
> policy ::= access ’{’ conditions permissions’}’ name?
> access ::= ’ALLOW’ | ’DENY’ // case insensitive
> conditions ::= ( ’[’ qname quoted-string* ’]’ )*
> permissions ::= ( ’(’ qname (quoted-string
> quoted-string?)? ’)’ )+
> name ::= quoted-string
> 
> Have you ever seen similar exception?

I’ve to admit that I’ve not run Ace on Felix with a SecurityManager in place
for a long time, so I cannot answer this. Perhaps anybody else lurking on this
list is able to answer this?

HtH,

--
Met vriendelijke groeten | Kind regards

Jan Willem Janssen | Software Architect
+31 631 765 814


My world is something with Amdatu and Apache

Luminis Technologies
Churchillplein 1
7314 BZ  Apeldoorn
+31 88 586 46 00

https://www.luminis.eu

KvK (CoC) 09 16 28 93
BTW (VAT) NL8170.94.441.B.01


Mime
View raw message