felix-dev mailing list archives

From "Karl Pauls (JIRA)" <j...@apache.org>
Subject [jira] Commented: (FELIX-21) Re-implement Java permission security mechanism to use ProtectionDomains
Date Fri, 21 Jul 2006 10:45:15 GMT
    [ http://issues.apache.org/jira/browse/FELIX-21?page=comments#action_12422611 ] 
Karl Pauls commented on FELIX-21:

The security checks with respect to the R4 spec are implemented now, with the exception of
PackagePermission.EXPORT, which lacks support in the module-layer. The approach is modified
to do as many checks outside the core as possible (they are in BundleImpl, BundleContextImpl,
PackageAdminImpl, StartLevelImpl, and SystemBundle now). It is possible to run the framework
with security enabled and grant permissions based on code sources. 

The next thing to do is to provide support for protection domains inside the module-layer
and then use them instead of the code sources. Then we can look into getting signed bundles
to work and implement the needed checks for certificate properties in AdminPermission. 

Eventually, we need to implement/revisit PermissionAdmin and ConditionalPermissionAdmin. Furthermore,
support for the new permissions that regard optional aspects of the spec will be added as
soon as we support the optional aspects. 

> Re-implement Java permission security mechanism to use ProtectionDomains
> ------------------------------------------------------------------------
>                 Key: FELIX-21
>                 URL: http://issues.apache.org/jira/browse/FELIX-21
>             Project: Felix
>          Issue Type: Improvement
>          Components: Specification compliance, Framework
>            Reporter: Richard S. Hall
> Currently, Felix security has not been ported forward from old code, although much of
> it remains in place, but it is commented out. There have been some changes with respect to
> the R4 spec that need to be addressed, but it probably also makes sense to change the previous
> approach of code sources to protection domains. I believe this approach will improve our ability
> to deal with assigning default permissions as well as supporting dynamic permissions.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

