felix-users mailing list archives

From "Karl Pauls" <karlpa...@gmail.com>
Subject Re: Please help in enabling security
Date Mon, 24 Nov 2008 15:03:58 GMT
Well, this really is starting to go more into the java security model
but as you can see in the slides too the issue seems to be that scr is
on the call stack. You did give your bundle allpermissions but not the
scr bundle -- hence, the exception. Now, giving scr allpermission with
scr being on the call stack is more tricky because you have a circular
dependency. The way to solve this is either to give all bundles from a
certain location prefix allpermissions or you need to make sure you do
security sensitive calls in a doPrivileged block. In other words, try
something like:

AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                cpa.addConditionalPermissionInfo(new ConditionInfo[]{
                   new ConditionInfo(BundleLocationCondition.class.getName(),
                   new String[]{context.getBundleContext().getBundle(1).getLocation()})
               },
               new PermissionInfo[]{
                   new PermissionInfo(
                   AllPermission.class.getName(), "", "")
               });

               // Add other permissions
                return null; // nothing to return
            }
        });


regards,

Karl

On Mon, Nov 24, 2008 at 3:33 PM, Hasan <hasan@trialox.org> wrote:
> Dear Karl,
>
> We tried your suggestions as follows: we add these lines in the activate
> method of our management agent
>
>       cpa.addConditionalPermissionInfo(new ConditionInfo[]{
>                   new ConditionInfo(BundleLocationCondition.class.getName(),
>                   new String[]{context.getBundleContext().getBundle().getLocation()})
>               },
>               new PermissionInfo[]{
>                   new PermissionInfo(
>                   AllPermission.class.getName(), "", "")
>               });
>
>       System.out.println("test");
>       cpa.addConditionalPermissionInfo(new ConditionInfo[]{
>                   new ConditionInfo(BundleLocationCondition.class.getName(),
>                   new String[]{context.getBundleContext().getBundle(1).getLocation()})
>               },
>               new PermissionInfo[]{
>                   new PermissionInfo(
>                   AllPermission.class.getName(), "", "")
>               });
>
> with the following results:
>
> -> start file:///home/hasan/workspaces/trialox/spike/permmgmtagent/target/permmgmt-1.0-SNAPSHOT.jar
> -> Binding ConditionalPermissionAdmin
> Activating PermissionManager
> test
> ERROR: org.example.trialox.permmgmt (6): [org.example.trialox.permmgmt.PermissionManager] The activate method has thrown an exception
> java.security.AccessControlException: access denied (org.osgi.framework.AdminPermission (id=1) metadata)
>   at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>   at java.security.AccessController.checkPermission(AccessController.java:546)
>   at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>   at org.apache.felix.framework.BundleImpl.getLocation(BundleImpl.java:159)
>   at org.example.trialox.permmgmt.PermissionManager.activate(PermissionManager.java:49)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>   at java.lang.reflect.Method.invoke(Method.java:597)
>   at org.apache.felix.scr.impl.ImmediateComponentManager.createImplementationObject(ImmediateComponentManager.java:226)
>   at org.apache.felix.scr.impl.ImmediateComponentManager.createComponent(ImmediateComponentManager.java:133)
>   at org.apache.felix.scr.impl.AbstractComponentManager.activateInternal(AbstractComponentManager.java:476)
>   at org.apache.felix.scr.impl.AbstractComponentManager.enableInternal(AbstractComponentManager.java:398)
>   at org.apache.felix.scr.impl.AbstractComponentManager.access$000(AbstractComponentManager.java:36)
>   at org.apache.felix.scr.impl.AbstractComponentManager$1.run(AbstractComponentManager.java:99)
>   at org.apache.felix.scr.impl.ComponentActorThread.run(ComponentActorThread.java:85)
>
>
> It seems we can give the management agent all permissions but we cannot give
> bundle 1 all permissions.
> Do we miss something here?
>
> We have taken a look at the slide sets from the link. Could we probably have
> access to the codes of those
> tasks mentioned in the slides?
>
> Thanks and best regards
> Hasan
>
> Karl Pauls wrote:
>>
>> Well, you have to understand that as soon as you use (i.e., set
>> permissions) any of the permission services you define the permission
>> space for all bundles. So the first thing for your management agent
>> (i.e., the bundle that you present below) is to give itself
>> allpermission! Next, it probably is a good idea to give allpermission
>> to bundle 1,2, and 4. In case you want to use obr give allpermission
>> to bundle 3 as well. Then you can define the permissions for your
>> other bundles on a more fine grained basis.
>>
>> regards,
>>
>> Karl
>>
>> p.s.: not sure whether this will help you:
>>
>>
>> http://felix.apache.org/site/presentations.data/Building%20Secure%20OSGi%20Applications.pdf
>>
>> On Mon, Nov 24, 2008 at 2:23 PM, Hasan <hasan@trialox.org> wrote:
>>
>>>
>>> Dear Karl
>>>
>>> We have built the framework.security and installed it as a bundle.
>>> Additionally, we have written two bundles: TestBundle and
>>> PermissionManager.
>>> The TestBundle is supposed to be able to create a file if the
>>> PermissionManager sets the required Permissions.
>>> We use scr to bind the ConditionalPermissionAdmin service in the
>>> PermissionManager.
>>> However, we already got errors when we install and start
>>> PermissionManager.
>>> (the command services in felix listed no service and the command ps in
>>> felix said StartLevel service is unavailable).
>>>
>>> Could you please advise what we may have done wrong? What do we have to
>>> do before we may define permissions?
>>>
>>> Please find below the contents of PermissionManager and the output of
>>> felix session.
>>> The contents of PermissionManager:
>>> ----------------------------------
>>> package org.example.permmgmt;
>>> import java.io.FilePermission;
>>>
>>> import org.osgi.service.component.ComponentContext;
>>> import org.osgi.service.condpermadmin.BundleLocationCondition;
>>> import org.osgi.service.condpermadmin.ConditionInfo;
>>> import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
>>> import org.osgi.service.permissionadmin.PermissionInfo;
>>>
>>> /**
>>>  *
>>>  * @scr.component
>>>  * @scr.reference name="conditionalPermissionAdmin"
>>>  *      cardinality="0..n" policy="dynamic"
>>>  *      interface="org.osgi.service.condpermadmin.ConditionalPermissionAdmin"
>>>  *
>>>  */
>>> public class PermissionManager {
>>>
>>>  private ConditionalPermissionAdmin cpa;
>>>
>>>  protected void activate(ComponentContext context) throws Exception {
>>>      System.out.println("Activating PermissionManager");
>>>
>>>      if (cpa == null) {
>>>          System.out.println("No ConditionalPermissionAdmin service");
>>>          return;
>>>      }
>>>      cpa.addConditionalPermissionInfo(
>>>              new ConditionInfo[]{
>>>                  new ConditionInfo(
>>>                  BundleLocationCondition.class.getName(),
>>>                  new String[]{"file:/home/hasan/workspaces/testbundle1/target/testbundle1-1.0-SNAPSHOT.jar"})
>>>              },
>>>              new PermissionInfo[]{
>>>                  new PermissionInfo(
>>>                  FilePermission.class.getName(), "helloWorld.txt", "write")
>>>              });
>>>      System.out.println("cpi added");
>>>  }
>>>
>>>  protected void bindConditionalPermissionAdmin(ConditionalPermissionAdmin cpa) {
>>>      System.out.println("Binding ConditionalPermissionAdmin");
>>>      this.cpa = cpa;
>>>  }
>>>
>>>  protected void unbindConditionalPermissionAdmin(ConditionalPermissionAdmin cpa) {
>>>      this.cpa = null;
>>>  }
>>> }
>>>
>>>
>>>
>>> And the output of felix:
>>> ------------------------
>>> Welcome to Felix.
>>> =================
>>>
>>> -> ps
>>> START LEVEL 1
>>>  ID   State         Level  Name
>>> [   0] [Active     ] [    0] System Bundle (1.4.0)
>>> [   1] [Active     ] [    1] Apache Felix Shell Service (1.0.2)
>>> [   2] [Active     ] [    1] Apache Felix Shell TUI (1.0.2)
>>> [   3] [Active     ] [    1] Apache Felix Bundle Repository (1.2.1)
>>> -> start http://mirror.switch.ch/mirror/apache/dist/felix/org.apache.felix.scr-1.0.6.jar
>>> -> start file:///home/hasan/workspaces/framework.security/target/org.apache.felix.framework.security-0.9.0-SNAPSHOT.jar
>>> -> ps
>>> START LEVEL 1
>>>  ID   State         Level  Name
>>> [   0] [Active     ] [    0] System Bundle (1.4.0)
>>> [   1] [Active     ] [    1] Apache Felix Shell Service (1.0.2)
>>> [   2] [Active     ] [    1] Apache Felix Shell TUI (1.0.2)
>>> [   3] [Active     ] [    1] Apache Felix Bundle Repository (1.2.1)
>>> [   4] [Active     ] [    1] Apache Felix Declarative Services (1.0.6)
>>> [   5] [Resolved   ] [    1] Apache Felix Security Provider (0.9.0.SNAPSHOT)
>>> -> services
>>>
>>> System Bundle (0) provides:
>>> ---------------------------
>>> org.osgi.service.startlevel.StartLevel
>>> org.osgi.service.packageadmin.PackageAdmin
>>> org.osgi.service.permissionadmin.PermissionAdmin
>>> org.osgi.service.condpermadmin.ConditionalPermissionAdmin
>>>
>>> Apache Felix Shell Service (1) provides:
>>> ----------------------------------------
>>> org.apache.felix.shell.ShellService,
>>> org.ungoverned.osgi.service.shell.ShellService
>>>
>>> Apache Felix Bundle Repository (3) provides:
>>> --------------------------------------------
>>> org.osgi.service.obr.RepositoryAdmin
>>>
>>> Apache Felix Declarative Services (4) provides:
>>> -----------------------------------------------
>>> org.apache.felix.scr.ScrService
>>> -> start file:///home/hasan/workspaces/permmgmtagent/target/permmgmt-1.0-SNAPSHOT.jar
>>> -> Binding ConditionalPermissionAdmin
>>> Activating PermissionManager
>>>
>>> -> services
>>> -> ps
>>> StartLevel service is unavailable.
>>>  ID   State        Name
>>> ShellTui: java.security.AccessControlException: access denied (org.osgi.framework.AdminPermission (id=0) metadata)
>>> java.security.AccessControlException: access denied (org.osgi.framework.AdminPermission (id=0) metadata)
>>>  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>>  at java.security.AccessController.checkPermission(AccessController.java:546)
>>>  at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>  at org.apache.felix.framework.Felix.getHeaders(Felix.java:480)
>>>  at org.apache.felix.framework.Felix.getHeaders(Felix.java:471)
>>>  at org.apache.felix.shell.impl.PsCommandImpl.execute(PsCommandImpl.java:128)
>>>  at org.apache.felix.shell.impl.Activator$ExecutePrivileged.run(Activator.java:365)
>>>  at java.security.AccessController.doPrivileged(Native Method)
>>>  at org.apache.felix.shell.impl.Activator$ShellServiceImpl.executeCommand(Activator.java:264)
>>>  at org.apache.felix.shell.tui.Activator$ShellTuiRunnable.run(Activator.java:167)
>>>  at java.lang.Thread.run(Thread.java:619)
>>>
>>>
>>> Thanks and kind regards
>>> Hasan
>>>
>>>
>>>
>>> Hasan wrote:
>>>
>>>>
>>>> Dear Karl, dear Pierre,
>>>>
>>>> Thanks for the prompt reply.
>>>> I will try Karl's suggestion.
>>>>
>>>> Best regards
>>>> Hasan
>>>>
>>>> Karl Pauls wrote:
>>>>
>>>>>
>>>>> Hello Hasan,
>>>>>
>>>>> the framework needs allpermission. That is what the OSGi specification
>>>>> requires. It might be possible to limit it to specific permissions but
>>>>> it wouldn't be much left. Now, when the framework has allpermissions
>>>>> that doesn't have to imply that bundles have allpermissions as well.
>>>>> However, at the moment that is the case if you use the standard felix
>>>>> only. What you would have to do is to use the PermissionAdmin service
>>>>> or the ConditionalPermissionAdmin service to set the permissions for a
>>>>> bundle.
>>>>>
>>>>> Problem is, we don't have released versions of the two services. We do
>>>>> have some implementations in trunk but they are in an alpha state. In
>>>>> case you want to give it a try: build the framework.security
>>>>> subproject (in trunk/framework.security) and install the resulting
>>>>> artifact as a bundle into felix. That will make the two services
>>>>> available. See the core spec for how to use them.
>>>>>
>>>>> regards,
>>>>>
>>>>> Karl
>>>>>
>>>>> On Mon, Nov 24, 2008 at 10:50 AM, Hasan <hasan@trialox.org> wrote:
>>>>>
>>>>>
>>>>>>
>>>>>> Thanks Pierre,
>>>>>>
>>>>>> My intention is just to give as many permissions as necessary to
>>>>>> felix, but not all.
>>>>>> Thus, I assume there must be a way to define permissions for felix so
>>>>>> that it can install a new bundle without throwing exceptions. Since,
>>>>>> if I gave felix all permissions there is no such exception thrown.
>>>>>>
>>>>>> Kind regards
>>>>>> Hasan
>>>>>>
>>>>>> Pierre Parrend wrote:
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Dear Hassan,
>>>>>>>
>>>>>>> with the permissions, you have to define a specific URL Handler for
>>>>>>> the http protocol. See the class org.apache.felix.framework.URLHandlers
>>>>>>> (from my memory, the name may be slightly different) for examples for
>>>>>>> other protocols.
>>>>>>>
>>>>>>> I have an implementation on another computer, you should manage to
>>>>>>> adapt the code yourself, otherwise I can look for my old code.
>>>>>>>
>>>>>>> best regards,
>>>>>>> Pierre
>>>>>>>
>>>>>>> Hasan wrote:
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Dear Pierre, dear all
>>>>>>>>
>>>>>>>> Thanks for the file. I use and modify your file (see below). With
>>>>>>>> this policy file however, I cannot install a new bundle. It threw
>>>>>>>> java.net.MalformedURLException:
>>>>>>>>
>>>>>>>> Welcome to Felix.
>>>>>>>> =================
>>>>>>>>
>>>>>>>> -> install http://mirror.switch.ch/mirror/apache/dist/felix/org.apache.felix.scr-1.0.6.jar
>>>>>>>> java.net.MalformedURLException: Unknown protocol: http
>>>>>>>>
>>>>>>>> What must be added to the policy file so that it works? Thanks in
>>>>>>>> advance for answering.
>>>>>>>>
>>>>>>>> -- BEGIN of my additional policy file used when starting felix-1.4.0 --
>>>>>>>> grant codeBase "file:${user.home}/sw/felix-1.4.0/-" {
>>>>>>>>  permission java.util.PropertyPermission "*", "read,write";
>>>>>>>>  permission java.io.FilePermission "${user.home}/sw/felix-1.4.0/conf/*", "read";
>>>>>>>>  permission java.io.FilePermission "${user.home}/sw/felix-1.4.0/-", "read,write,delete";
>>>>>>>>
>>>>>>>> //    permission java.io.FilePermission "${user.home}/-", "read,write,delete";
>>>>>>>>  permission java.io.FilePermission "bundle.lastmodified", "read";
>>>>>>>>  permission java.io.FilePermission "bundle/*", "read";
>>>>>>>>
>>>>>>>>  permission java.io.FilePermission "./felix-cache", "read,write";
>>>>>>>>  permission java.io.FilePermission "./felix-cache/-", "read,write,delete";
>>>>>>>>
>>>>>>>>  permission java.net.NetPermission "specifyStreamHandler";
>>>>>>>> //    permission java.net.SocketPermission "*", "resolve, connect";
>>>>>>>>  permission java.net.SocketPermission "*", "accept,connect,listen,resolve";
>>>>>>>>
>>>>>>>>  permission java.lang.RuntimePermission "createSecurityManager";
>>>>>>>>  permission java.lang.RuntimePermission "getProtectionDomain";
>>>>>>>>  permission java.lang.RuntimePermission "setFactory";
>>>>>>>>  permission java.lang.RuntimePermission "createClassLoader";
>>>>>>>>  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
>>>>>>>>  permission java.lang.RuntimePermission "accessDeclaredMembers";
>>>>>>>>  permission java.lang.RuntimePermission "shutdownHooks";
>>>>>>>>
>>>>>>>>  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
>>>>>>>>
>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "lifecycle";
>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "metadata";
>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "listener";
>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "execute";
>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "startlevel";
>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "extensionLifecycle";
>>>>>>>>
>>>>>>>>  permission org.osgi.framework.PackagePermission "*", "export,import";
>>>>>>>>  permission org.osgi.framework.ServicePermission "*", "register,get";
>>>>>>>> };
>>>>>>>>
>>>>>>>> -- END of my additional policy file used when starting felix-1.4.0 --
>>>>>>>>
>>>>>>>> Kind regards
>>>>>>>> Hasan
>>>>>>>>
>>>>>>>> Pierre Parrend wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>  Dear Hasan, dear all,
>>>>>>>>>
>>>>>>>>> here is a permission file which I used some time ago. You need to
>>>>>>>>> adapt it to your own configuration, and probably to update it to
>>>>>>>>> match the current state of the Felix implementation:
>>>>>>>>>
>>>>>>>>> grant codeBase "file:$FELIX_HOME/-" {
>>>>>>>>>
>>>>>>>>>  permission java.util.PropertyPermission "*", "read,write";
>>>>>>>>>  permission java.io.FilePermission "$FELIX_HOME/main/conf/*", "read";
>>>>>>>>>
>>>>>>>>>  permission java.io.FilePermission "$USER_HOME/-", "read,write,delete";
>>>>>>>>>  permission java.io.FilePermission "bundle.lastmodified", "read";
>>>>>>>>>  permission java.io.FilePermission "bundle/*", "read";
>>>>>>>>>
>>>>>>>>>  permission java.net.NetPermission "specifyStreamHandler";
>>>>>>>>>  permission java.net.SocketPermission "*", "resolve, connect";
>>>>>>>>>
>>>>>>>>>  permission java.lang.RuntimePermission "createSecurityManager";
>>>>>>>>>  permission java.lang.RuntimePermission "getProtectionDomain";
>>>>>>>>>  permission java.lang.RuntimePermission "setFactory";
>>>>>>>>>  permission java.lang.RuntimePermission "createClassLoader";
>>>>>>>>>  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
>>>>>>>>>  permission java.lang.RuntimePermission "accessDeclaredMembers";
>>>>>>>>>  permission java.lang.RuntimePermission "shutdownHooks";
>>>>>>>>>
>>>>>>>>>  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
>>>>>>>>>
>>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "lifecycle";
>>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "metadata";
>>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "listener";
>>>>>>>>>  permission org.osgi.framework.AdminPermission "*", "execute";
>>>>>>>>>
>>>>>>>>>  permission org.osgi.framework.PackagePermission "*", "export";
>>>>>>>>>  permission org.osgi.framework.ServicePermission "*", "register, get";
>>>>>>>>> };
>>>>>>>>>
>>>>>>>>> When reading the file, I wonder why the PackagePermission is set to
>>>>>>>>> 'export' only, and does not include 'import'. If you get errors you
>>>>>>>>> should simply add it.
>>>>>>>>>
>>>>>>>>> best regards,
>>>>>>>>> Pierre
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> ==============================================================
>>>>>>>>> Pierre Parrend
>>>>>>>>> Software Engineering (SE)
>>>>>>>>> Tel: +49 721 9654 - 620
>>>>>>>>> Fax: +49 721 9654 - 623
>>>>>>>>> E-Mail: parrend@fzi.de
>>>>>>>>>
>>>>>>>>> ==============================================================
>>>>>>>>>
>>>>>>>>> FZI Forschungszentrum Informatik an der Universität Karlsruhe
>>>>>>>>> Haid-und-Neu-Str. 10-14, 76131 Karlsruhe
>>>>>>>>> Tel.: +49 721 9654 - 0, Fax: +49 721 9654 - 959
>>>>>>>>>
>>>>>>>>> Foundation under civil law
>>>>>>>>> Foundation ref. no.: 14-0563.1, Regierungspräsidium Karlsruhe
>>>>>>>>>
>>>>>>>>> Board of Directors:
>>>>>>>>> Prof. Dr.-Ing. Rüdiger Dillmann
>>>>>>>>> Dipl. Wi.-Ing. Michael Flor
>>>>>>>>> Prof. Dr. Dr.-Ing. Jivka Ovtcharova
>>>>>>>>> Prof. Dr. rer. nat. Rudi Studer
>>>>>>>>>
>>>>>>>>> Chairman of the Board of Trustees:
>>>>>>>>> Ministerialdirigent Günther Leßnerkraus
>>>>>>>>>
>>>>>>>>> ==============================================================
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Hasan [mailto:hasan@trialox.org]
>>>>>>>>> Sent: Wed 11/19/2008 11:36 AM
>>>>>>>>> To: users@felix.apache.org
>>>>>>>>> Subject: Re: Please help in enabling security
>>>>>>>>>  Hi again,
>>>>>>>>>
>>>>>>>>> If I put the following line in all.policy
>>>>>>>>> grant { permission java.security.AllPermission; };
>>>>>>>>>
>>>>>>>>> then I can start felix successfully.
>>>>>>>>> I hope this solves my problem starting felix with security enabled.
>>>>>>>>>
>>>>>>>>> Note, that in the slide set "Building Secure OSGi Applications"
>>>>>>>>> the line reads as follows which I think is wrong:
>>>>>>>>> grant { permission java.lang.AllPermission };
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> Hasan
>>>>>>>>>
>>>>>>>>> Hasan wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Dear all
>>>>>>>>>>
>>>>>>>>>> We would like to use osgi security mechanism (conditional permission
>>>>>>>>>> admin) and thus are trying to enable security when invoking felix
>>>>>>>>>> (version 1.4.0) as follows
>>>>>>>>>>
>>>>>>>>>> $ java -Djava.security.manager -Djava.security.policy=all.policy -jar bin/felix.jar
>>>>>>>>>>
>>>>>>>>>> There were some AccessControlException which we could fix by adapting
>>>>>>>>>> java.policy file
>>>>>>>>>> In the end however, we got a NullPointerException as shown below.
>>>>>>>>>>
>>>>>>>>>> -- BEGIN OF FELIX ERROR MESSAGE --
>>>>>>>>>> Welcome to Felix.
>>>>>>>>>> =================
>>>>>>>>>>
>>>>>>>>>> ERROR: Unable to start system bundle. (java.lang.NullPointerException: Specified service reference cannot be null.)
>>>>>>>>>> java.lang.NullPointerException: Specified service reference cannot be null.
>>>>>>>>>>  at org.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.java:320)
>>>>>>>>>>  at org.apache.felix.main.AutoActivator.processAutoProperties(AutoActivator.java:77)
>>>>>>>>>>  at org.apache.felix.main.AutoActivator.start(AutoActivator.java:55)
>>>>>>>>>>  at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1071)
>>>>>>>>>>  at java.security.AccessController.doPrivileged(Native Method)
>>>>>>>>>>  at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:580)
>>>>>>>>>>  at org.apache.felix.framework.Felix$SystemBundleActivator.start(Felix.java:3761)
>>>>>>>>>>  at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1071)
>>>>>>>>>>  at java.security.AccessController.doPrivileged(Native Method)
>>>>>>>>>>  at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:580)
>>>>>>>>>>  at org.apache.felix.framework.Felix.init(Felix.java:849)
>>>>>>>>>>  at org.apache.felix.framework.Felix.start(Felix.java:881)
>>>>>>>>>>  at org.apache.felix.main.Main.main(Main.java:213)
>>>>>>>>>> Could not create framework: java.lang.RuntimeException: Unable to start system bundle.
>>>>>>>>>> java.lang.RuntimeException: Unable to start system bundle.
>>>>>>>>>>  at org.apache.felix.framework.Felix.init(Felix.java:857)
>>>>>>>>>>  at org.apache.felix.framework.Felix.start(Felix.java:881)
>>>>>>>>>>  at org.apache.felix.main.Main.main(Main.java:213)
>>>>>>>>>>
>>>>>>>>>> -- END OF FELIX ERROR MESSAGE --
>>>>>>>>>>
>>>>>>>>>> Any help and tips to enable security and solve this problem is highly
>>>>>>>>>> appreciated.
>>>>>>>>>>
>>>>>>>>>> Kind regards
>>>>>>>>>> Hasan
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>
>>>>>> --
>>>>>> --trialox ag--------------------------------------
>>>>>>
>>>>>>  Hasan Hasan
>>>>>>  Binzmühlestrasse 14
>>>>>>  CH-8050 Zürich
>>>>>>  Tel: 0041-44-63 57577
>>>>>>  Fax: 0041-44-63 57574
>>>>>>  URL: http://www.trialox.ch
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>>>>>> For additional commands, e-mail: users-help@felix.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>> --
>>> --trialox ag--------------------------------------
>>>
>>>  Hasan Hasan
>>>  Binzmühlestrasse 14
>>>  CH-8050 Zürich
>>>  Tel: 0041-44-63 57577
>>>  Fax: 0041-44-63 57574
>>>  URL: http://www.trialox.ch
>>>
>>>
>>>
>>
>>
>>
>>
>
> --
> --trialox ag--------------------------------------
>
>  Hasan Hasan
>  Binzmühlestrasse 14
>  CH-8050 Zürich
>  Tel: 0041-44-63 57577
>  Fax: 0041-44-63 57574
>  URL: http://www.trialox.ch
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>
>



-- 
Karl Pauls
karlpauls@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
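
A simplified model of the stack inspection discussed in this thread, as an added example that is not part of the original messages and is not Felix or JDK code: every bundle on the call stack must hold the checked permission, and a frame that called doPrivileged ends the walk. The class name StackWalkModel, the bundle labels and the permission label are constructed for illustration; the call chain follows the stack trace quoted in the thread.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Simplified model of the Java 2 stack inspection; ignores inherited thread contexts. */
public class StackWalkModel {

    /** A stack frame: the method, the bundle owning it, and whether it called doPrivileged. */
    static final class Frame {
        final String method;
        final String bundle;
        final boolean privileged;

        Frame(String method, String bundle, boolean privileged) {
            this.method = method;
            this.bundle = bundle;
            this.privileged = privileged;
        }
    }

    /**
     * Walks the stack from the most recent frame down. Every bundle met must hold
     * the permission; a privileged frame is checked itself and then ends the walk.
     * Returns the first bundle lacking the permission, or null if access is granted.
     */
    static String firstDenier(List<Frame> stack, Map<String, Set<String>> grants, String perm) {
        for (Frame f : stack) {
            Set<String> held = grants.getOrDefault(f.bundle, Collections.<String>emptySet());
            if (!held.contains("AllPermission") && !held.contains(perm)) {
                return f.bundle;
            }
            if (f.privileged) {
                break; // callers below the doPrivileged frame are not consulted
            }
        }
        return null;
    }

    /** Call chain from the quoted stack trace, most recent call first (labels constructed). */
    static List<Frame> activateStack(boolean agentUsesDoPrivileged) {
        return Arrays.asList(
            new Frame("BundleImpl.getLocation", "framework", false),
            new Frame("PermissionManager.activate", "agent", agentUsesDoPrivileged),
            new Frame("Method.invoke", "jre", false),
            new Frame("ImmediateComponentManager.createImplementationObject", "scr", false),
            new Frame("ComponentActorThread.run", "scr", false));
    }

    static String describe(String denier) {
        return denier == null ? "granted" : "denied by " + denier;
    }

    public static void main(String[] args) {
        String perm = "AdminPermission(id=1,metadata)"; // label for the permission in the trace
        Set<String> all = Collections.singleton("AllPermission");

        // State after the agent granted itself AllPermission: scr has no entry.
        Map<String, Set<String>> grants = new HashMap<String, Set<String>>();
        grants.put("framework", all);
        grants.put("jre", all);
        grants.put("agent", all);

        // 1. Plain getLocation() call from activate(): scr is on the stack.
        System.out.println("plain call:   " + describe(firstDenier(activateStack(false), grants, perm)));

        // 2. Same call inside doPrivileged: the walk ends at the agent's frame.
        System.out.println("doPrivileged: " + describe(firstDenier(activateStack(true), grants, perm)));

        // 3. A location-prefix grant that also covers scr: the plain call passes.
        grants.put("scr", all);
        System.out.println("prefix grant: " + describe(firstDenier(activateStack(false), grants, perm)));
    }
}
```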

