ace-users mailing list archives

From Jorge Martín Cuervo <jo...@martincuervo.com>
Subject Re: ACE parts and security
Date Thu, 16 Jun 2016 14:10:42 GMT
Thanks Karl,

Looks like I have completely misunderstood the Java policy content. I am
going to have a look at the resources you sent.



On Thu, Jun 16, 2016 at 3:58 PM, Karl Pauls <karlpauls@gmail.com> wrote:

> > - In the target environments, I was trying to limit the usage of bundles
> > signed by me. I have tried to have a prototype only with Felix but despite
> > I have followed these instructions, no success:
> >
> > http://felix.apache.org/documentation/subprojects/apache-felix-framework-security.html
>
>
> I'm not sure you followed the instructions there correctly. The
> "all.policy" is the java security policy file and needs to be unchanged
> (ie., it needs to give all permission to *) - see below.
>
>
> >
> > I have put this content in the policy file:
> >
> > allow {
> > [org.osgi.service.condpermadmin.BundleSignerCondition "*" ]
> > (java.security.AllPermission)
> > } "all_signed"
> >
> > java.security.policy: error parsing
> > file:/C:/dev/felix-framework-5.4.0/all.policy:
> >         line 1: expected [;], found [allow]
> > ERROR: Error creating bundle cache. (java.security.AccessControlException:
> > access denied ("java.io.FilePermission" ".\felix-cache" "read"))
> >
> > Syntax seems to be fine to me; I have checked the OSGi 5 spec (50.2.5):
> > policy ::= access ’{’ conditions permissions’}’ name?
> > access ::= ’ALLOW’ | ’DENY’ // case insensitive
> > conditions ::= ( ’[’ qname quoted-string* ’]’ )*
> > permissions ::= ( ’(’ qname (quoted-string
> > quoted-string?)? ’)’ )+
> > name ::= quoted-string
> >
> > Have you ever seen a similar exception?
> >
>
> This is the syntax for the OSGi ConditionalPermissionTuple serialization
> format. You can't put that into a java security policy file. If you want to
> do something similar you'd have to provide your own implementation that
> reads such a policy file and uses the ConditionalPermissionAdmin to set up
> the security policies correctly. You can find (a somewhat usable but very
> simple) example-implementation here:
>
>
> https://github.com/mcculls/osgi-in-action/blob/master/chapter14/combined-example/org.foo.policy/src/org/foo/policy/Activator.java
>
> It might make sense to look at the complete example too:
>
>
> https://github.com/mcculls/osgi-in-action/tree/master/chapter14/combined-example
>
>
> regards,
>
> Karl
>
>
>
>
> > Many thanks in advance for this great work in ACE project!!
> >
> >
> > --
> > ____________________________________
> > Jorge Martin Cuervo
> >
> > email <jorge@martincuervo.com>
> > ___________________________________
> >
>
>
>
> --
> Karl Pauls
> karlpauls@gmail.com
> http://twitter.com/karlpauls
> http://www.linkedin.com/in/karlpauls
> https://profiles.google.com/karlpauls
>



-- 
____________________________________
Jorge Martin Cuervo

email <jorge@martincuervo.com>
____________________________________
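
Added example, not part of the original messages and not the linked osgi-in-action code: a minimal policy bundle activator that installs the tuple quoted above through ConditionalPermissionAdmin, which is the step Karl describes. The package and class names are hypothetical, and it assumes the framework runs with Java security enabled, the Felix security provider installed, and `all.policy` left as the plain Java policy that grants AllPermission.

```java
package org.example.policy; // hypothetical package and class names

import java.security.AllPermission;
import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.*;
import org.osgi.service.permissionadmin.PermissionInfo;

public class PolicyActivator implements BundleActivator {
    // The tuple from the thread, in the ConditionalPermissionInfo encoded form.
    private static final String ALL_SIGNED =
        "allow { [org.osgi.service.condpermadmin.BundleSignerCondition \"*\"] "
        + "(java.security.AllPermission) } \"all_signed\"";

    public void start(BundleContext context) {
        ServiceReference<ConditionalPermissionAdmin> ref =
            context.getServiceReference(ConditionalPermissionAdmin.class);
        if (ref == null) { // no security provider registered the service
            throw new IllegalStateException("ConditionalPermissionAdmin service not found");
        }
        ConditionalPermissionAdmin cpa = context.getService(ref);

        // Keep AllPermission for this bundle, matched by its location, so it can
        // still edit the table later. Assumes the location has no filter wildcards.
        ConditionalPermissionInfo self = cpa.newConditionalPermissionInfo(
            "policy_bundle",
            new ConditionInfo[] { new ConditionInfo(
                BundleLocationCondition.class.getName(),
                new String[] { context.getBundle().getLocation() }) },
            new PermissionInfo[] {
                new PermissionInfo(AllPermission.class.getName(), "*", "*") },
            ConditionalPermissionInfo.ALLOW);

        // Replace the whole table atomically; bundles matching no tuple get nothing.
        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
        table.clear();
        table.add(self);
        table.add(cpa.newConditionalPermissionInfo(ALL_SIGNED));
        if (!update.commit()) { // false: table was modified since the update was created
            throw new IllegalStateException("Permission table changed concurrently, retry");
        }
    }

    public void stop(BundleContext context) { }
}
```

The policy bundle has to start before the bundles it is meant to constrain, since an empty permission table leaves every bundle with AllPermission.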
