ace-users mailing list archives

From Jorge Martín Cuervo <jo...@martincuervo.com>
Subject ACE parts and security
Date Wed, 15 Jun 2016 20:46:26 GMT
I have several questions:

- Although I have successfully run the 5 mins getting started demo with the
server-allinone, I suppose production environments divide the installation
into one instance for the OBR, another for the server and finally one for the
client. I was trying to configure every piece but I did not manage. I think
it was mainly because of the configuration files. Have you documented each
of the configuration files, or should I go through the source code?

- I have also seen several exceptions when I run OBR, server and client:
gosh: java.lang.IllegalStateException: session is closed
gosh: stopping framework
gogo: IllegalStateException: Invalid BundleContext.
java.lang.IllegalStateException: Invalid BundleContext.
        at org.apache.felix.framework.BundleContextImpl.checkValidity(BundleContextImpl.java:511)
This does not seem to block the execution.

- In the target environments, I was trying to limit the usage of bundles
signed by me. I have tried to build a prototype with Felix only, but although
I have followed these instructions, I had no success:

http://felix.apache.org/documentation/subprojects/apache-felix-framework-security.html

I have put this content in the policy file:

allow {
[org.osgi.service.condpermadmin.BundleSignerCondition "*" ]
(java.security.AllPermission)
} "all_signed"

java.security.policy: error parsing file:/C:/dev/felix-framework-5.4.0/all.policy:
        line 1: expected [;], found [allow]
ERROR: Error creating bundle cache. (java.security.AccessControlException: access denied ("java.io.FilePermission" ".\felix-cache" "read"))

The syntax seems fine to me; I have checked the OSGi 5 spec (50.2.5):
policy ::= access '{' conditions permissions '}' name?
access ::= 'ALLOW' | 'DENY' // case insensitive
conditions ::= ( '[' qname quoted-string* ']' )*
permissions ::= ( '(' qname (quoted-string quoted-string?)? ')' )+
name ::= quoted-string

Have you ever seen a similar exception?


Many thanks in advance for this great work on the ACE project!!


-- 
____________________________________
Jorge Martin Cuervo

email <jorge@martincuervo.com>
___________________________________
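
Added example, not part of the original message and not ACE or Felix code: a small Python checker for the encoded-policy grammar quoted in the message (OSGi spec 50.2.5), run against the policy text as posted. The names `TOKEN`, `POLICY`, `tokenize` and `parse_policy` are chosen here, and the qname pattern (dot-separated Java identifiers) is an assumption, since the quoted excerpt does not define qname.

```python
import re
# Token classes of the quoted grammar; POLICY is the policy text as posted.
TOKEN = re.compile(r'''\s*(?:(?P<str>"(?:[^"\\]|\\.)*")
    |(?P<punct>[{}\[\]()])
    |(?P<qname>[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*))''', re.X)
POLICY = '''allow {
[org.osgi.service.condpermadmin.BundleSignerCondition "*" ]
(java.security.AllPermission)
} "all_signed"'''

def tokenize(text):
    text, pos, out = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}: {text[pos:pos + 10]!r}")
        out.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return out

def parse_policy(text):
    toks, i = tokenize(text), 0
    peek = lambda: toks[i] if i < len(toks) else ("eof", "")
    def take(kind, value=None):
        nonlocal i
        k, v = peek()
        if k != kind or (value is not None and v != value):
            raise ValueError(f"expected {value or kind}, found {v or k!r} at token {i}")
        i += 1
        return v
    def groups(open_, close, max_args):
        # One bracketed group per iteration: qname followed by quoted strings.
        while peek() == ("punct", open_):
            take("punct", open_)
            qname, args = take("qname"), []
            while peek()[0] == "str" and len(args) < max_args:
                args.append(take("str")[1:-1])  # escapes are left as written
            take("punct", close)
            yield qname, args
    access = take("qname").upper()  # ALLOW | DENY, case insensitive
    if access not in ("ALLOW", "DENY"):
        raise ValueError(f"access must be ALLOW or DENY, found {access!r}")
    take("punct", "{")
    conditions, permissions = list(groups("[", "]", float("inf"))), list(groups("(", ")", 2))
    if not permissions:
        raise ValueError("a policy needs at least one permission")
    take("punct", "}")
    name = take("str")[1:-1] if peek()[0] == "str" else None
    take("eof")  # nothing may follow the optional name
    return {"access": access, "conditions": conditions, "permissions": permissions, "name": name}
```

The checker covers only the grammar quoted in the message. The `java.security.policy` file named in the error output is read by the JVM's own policy file parser, which uses a different format built from `grant { permission ...; };` entries.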
