felix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Felix > Apache Felix Framework Security
Date Fri, 25 Feb 2011 11:32:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2036/9/1/_/styles/combined.css?spaceKey=FELIX&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/FELIX/Apache+Felix+Framework+Security">Apache
Felix Framework Security</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~karlpauls">Karl
Pauls</a>
    </h4>
        <br/>
                         <h4>Changes (4)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >Support for the OSGi r4.2 security
specifications including PermissionAdmin and ConditionalPermissionAdmin is provided by the
framework.security extension bundle. The bundle provides both, the packages as well as the
services when it is installed.  <br> <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">{note}For
now, the extension bundle is not yet released (you can find it in trunk/framework.security)
and only works with the latest framework trunk version.{note} <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">All
that needs to be done is to install the org.apache.felix.framework.security bundle into the
framework.  <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">All
that needs to be done is to install the org.apache.felix.framework.security-0.9.0-SNAPSHOT.jar
bundle into the framework.  <br> <br></td></tr>
            <tr><td class="diff-unchanged" >h1. Using security <br> <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >================ <br> <br></td></tr>
            <tr><td class="diff-changed-lines" >-&gt; install <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">file:org.apache.felix.framework.security-0.9.0-SNAPSHOT.jar</span>
<span class="diff-added-words"style="background-color: #dfd;">file:org.apache.felix.framework.security.jar</span>
<br></td></tr>
            <tr><td class="diff-unchanged" >-&gt; inspect s c 0 <br>System
Bundle (0) provides services: <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <p>The Felix Framework Security subproject is an implementation of the security
part of the OSGi R4.2 core specification.</p>

<h1><a name="ApacheFelixFrameworkSecurity-Installing"></a>Installing</h1>

<p>Support for the OSGi r4.2 security specifications including PermissionAdmin and ConditionalPermissionAdmin
is provided by the framework.security extension bundle. The bundle provides both, the packages
as well as the services when it is installed. </p>

<p>All that needs to be done is to install the org.apache.felix.framework.security bundle
into the framework. </p>

<h1><a name="ApacheFelixFrameworkSecurity-Usingsecurity"></a>Using security</h1>

<p>Besides installing the security bundle three properties should be specified:</p>
<ul>
	<li>org.osgi.framework.security="osgi"</li>
	<li>java.security.policy=all.policy</li>
	<li>org.osgi.framework.trust.repositories=&lt;list of keystores)</li>
</ul>


<p>The first installs a security manager on framework init (which in combination with
the installed security bundle enables security). </p>

<p>The second, points to a security policy file that gives allpermission like so,</p>

<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader"
style="border-bottom-width: 1px;"><b>all.policy</b></div><div class="codeContent
panelContent">
<pre class="code-java">
grant {
 permission java.security.AllPermission;
};
</pre>
</div></div>

<p>The third, allows to specify a File.pathseparater separated list of JKS keystores
without a password. The certificates found inside the keystores are the trusted root certificates
of the framework (setting this property is optional). </p>

<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader"
style="border-bottom-width: 1px;"><b>Example</b></div><div class="codeContent
panelContent">
<pre class="code-java">
$ java -Djava.security.policy=all.policy -Dorg.osgi.framework.security=<span class="code-quote">"osgi"</span>
-jar bin/felix.jar

Welcome to Felix
================

-&gt; install file:org.apache.felix.framework.security.jar
-&gt; inspect s c 0
<span class="code-object">System</span> Bundle (0) provides services:
------------------------------------
objectClass = org.osgi.service.startlevel.StartLevel
service.id = 1
----
objectClass = org.osgi.service.packageadmin.PackageAdmin
service.id = 2
----
objectClass = org.osgi.service.permissionadmin.PermissionAdmin
service.id = 3
----
objectClass = org.osgi.service.condpermadmin.ConditionalPermissionAdmin
service.id = 4

</pre>
</div></div>
    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/FELIX/Apache+Felix+Framework+Security">View
Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=11173950&revisedVersion=3&originalVersion=2">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/FELIX/Apache+Felix+Framework+Security?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message