From: Stephen McConnell
To: Avalon Developers List
Date: Sat, 28 Feb 2004 00:00:41 +0100
Subject: [security] general updates

Over the last few days I have committed a bunch of updates to the
repository, activation, and composition package that enable the
following:

  * Declaration in a kernel configuration of a bunch of permissions
    granted by a system to a runtime. The permissions assigned by the
    kernel are accessible through the SystemContext (available to all
    model implementations). E.g.

      SystemContext system = context.getSystemContext();
      SecurityModel security = system.getSecurityModel();
      Permission[] permissions = security.getPermissions();

  * the ability to declare requested permissions on a component
    using an @avalon.security.permission tag. These permissions are
    exposed on a component Type instance. For example:

      Type type = componentModel.getType();
      SecurityDescriptor security = type.getSecurity();
      PermissionDescriptor[] permissions = security.getPermissions();

The next item on the agenda is to establish a deployment failure when
the available permissions do not encompass the permissions requested
by a component. Following this we will need to introduce the ability
to declare overriding security profiles via a local system
configuration (override targets). This is partly in place but still
needs a little more work to integrate the solution into the class
loader model creation methods.

Also, I'm interested in getting in place permission profiles (suggested
by Niclas) so that we can more easily manage different security
scenarios.

Cheers, Stephen.

--

|------------------------------------------------|
| Magic by Merlin                                |
| Production by Avalon                           |
|                                                |
| http://avalon.apache.org/merlin                |
| http://dpml.net/merlin/distributions/latest    |
|------------------------------------------------|
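
Added example, not part of the original message and not Avalon or Merlin code: one way the deployment check described above (refusing a component whose requested permissions are not encompassed by the granted ones) can be expressed with the standard java.security classes. It assumes the kernel grants and the component's PermissionDescriptor entries have already been turned into java.security.Permission instances; the class name, method names and sample permissions are hypothetical.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.List;
import java.util.PropertyPermission;

// Added illustration with hypothetical names; not taken from the Avalon code base.
public class PermissionCoverageCheck {

    // Returns the requested permissions that no granted permission implies.
    static List<Permission> findUncovered(Permission[] granted, Permission[] requested) {
        Permissions grantedSet = new Permissions();
        for (Permission p : granted) {
            grantedSet.add(p);
        }
        List<Permission> uncovered = new ArrayList<>();
        for (Permission p : requested) {
            // implies() honours wildcards and action lists; it is not an equality test.
            if (!grantedSet.implies(p)) {
                uncovered.add(p);
            }
        }
        return uncovered;
    }

    // Fails deployment when any requested permission is not covered by the grants.
    static void checkDeployable(String component, Permission[] granted, Permission[] requested) {
        List<Permission> uncovered = findUncovered(granted, requested);
        if (!uncovered.isEmpty()) {
            throw new SecurityException(
                "Component '" + component + "' requests ungranted permissions: " + uncovered);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for kernel grants and component requests.
        Permission[] granted = {
            new PropertyPermission("app.*", "read"),
            new RuntimePermission("getClassLoader")
        };
        Permission[] requested = {
            new PropertyPermission("app.home", "read"),   // covered by the wildcard grant
            new PropertyPermission("app.home", "write"),  // action not granted
            new RuntimePermission("exitVM")               // not granted at all
        };
        try {
            checkDeployable("demo-component", granted, requested);
        } catch (SecurityException e) {
            System.out.println("Deployment refused: " + e.getMessage());
        }
    }
}
```

Reporting every uncovered permission at once, rather than stopping at the first, lets the deployer see the full gap between what the kernel configuration grants and what the component asks for.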