felix-users mailing list archives

From Hasan <ha...@trialox.org>
Subject Re: Please help in enabling security
Date Mon, 24 Nov 2008 07:36:53 GMT
Dear Pierre, dear all

Thanks for the file. I used and modified your file (see below). With this
policy file, however, I cannot install a new bundle. It threw
java.net.MalformedURLException:

Welcome to Felix.
=================

-> install http://mirror.switch.ch/mirror/apache/dist/felix/org.apache.felix.scr-1.0.6.jar
java.net.MalformedURLException: Unknown protocol: http

What must be added to the policy file so that it works? Thanks in 
advance for answering.

-- BEGIN of my additional policy file used when starting felix-1.4.0 --
grant codeBase "file:${user.home}/sw/felix-1.4.0/-" {
    permission java.util.PropertyPermission "*", "read,write";
    permission java.io.FilePermission "${user.home}/sw/felix-1.4.0/conf/*", "read";
    permission java.io.FilePermission "${user.home}/sw/felix-1.4.0/-", "read,write,delete";

//    permission java.io.FilePermission "${user.home}/-", "read,write,delete";
    permission java.io.FilePermission "bundle.lastmodified", "read";
    permission java.io.FilePermission "bundle/*", "read";

    permission java.io.FilePermission "./felix-cache", "read,write";
    permission java.io.FilePermission "./felix-cache/-", "read,write,delete";

    permission java.net.NetPermission "specifyStreamHandler";
//    permission java.net.SocketPermission "*", "resolve, connect";
    permission java.net.SocketPermission "*", "accept,connect,listen,resolve";

    permission java.lang.RuntimePermission "createSecurityManager";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "shutdownHooks";

    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

    permission org.osgi.framework.AdminPermission "*", "lifecycle";
    permission org.osgi.framework.AdminPermission "*", "metadata";
    permission org.osgi.framework.AdminPermission "*", "listener";
    permission org.osgi.framework.AdminPermission "*", "execute";
    permission org.osgi.framework.AdminPermission "*", "startlevel";
    permission org.osgi.framework.AdminPermission "*", "extensionLifecycle";

    permission org.osgi.framework.PackagePermission "*", "export,import";
    permission org.osgi.framework.ServicePermission "*", "register,get";
};

-- END of my additional policy file used when starting felix-1.4.0 --

Kind regards
Hasan
 
Pierre Parrend wrote:
>  Dear Hasan, dear all,
>
> here is a permission file which I used some time ago. You need to adapt it
> to your own configuration, and probably to update it to match the current
> state of the Felix implementation:
>
> grant codeBase "file:$FELIX_HOME/-" {
>
>     permission java.util.PropertyPermission "*", "read,write";
>     permission java.io.FilePermission "$FELIX_HOME/main/conf/*", "read";
>
>     permission java.io.FilePermission "$USER_HOME/-", "read,write,delete";
>     permission java.io.FilePermission "bundle.lastmodified", "read";
>     permission java.io.FilePermission "bundle/*", "read";
>
>     permission java.net.NetPermission "specifyStreamHandler";
>     permission java.net.SocketPermission "*", "resolve, connect";
>
>     permission java.lang.RuntimePermission "createSecurityManager";
>     permission java.lang.RuntimePermission "getProtectionDomain";
>     permission java.lang.RuntimePermission "setFactory";
>     permission java.lang.RuntimePermission "createClassLoader";
>     permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
>     permission java.lang.RuntimePermission "accessDeclaredMembers";
>     permission java.lang.RuntimePermission "shutdownHooks";
>
>     permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
>
>     permission org.osgi.framework.AdminPermission "*", "lifecycle";
>     permission org.osgi.framework.AdminPermission "*", "metadata";
>     permission org.osgi.framework.AdminPermission "*", "listener";
>     permission org.osgi.framework.AdminPermission "*", "execute";
>
>     permission org.osgi.framework.PackagePermission "*", "export";
>     permission org.osgi.framework.ServicePermission "*", "register, get";
> };
>
> When reading the file, I wonder why the PackagePermission is set to
> 'export' only, and does not include 'import'. If you get errors you should
> simply add it.
>
> best regards,
> Pierre
>
> --
> ==============================================================
> Pierre Parrend
> Software Engineering (SE)
> Tel: +49 721 9654 - 620
> Fax: +49 721 9654 - 623
> E-Mail: parrend@fzi.de
>
> ==============================================================
>
> FZI Forschungszentrum Informatik an der Universität Karlsruhe
> Haid-und-Neu-Str. 10-14, 76131 Karlsruhe
> Tel.: +49 721 9654 - 0, Fax: +49 721 9654 - 959
>
> Stiftung des bürgerlichen Rechts
> Stiftung Az: 14-0563.1 Regierungspräsidium Karlsruhe
>
> Vorstand:
> Prof. Dr.-Ing. Rüdiger Dillmann
> Dipl. Wi.-Ing. Michael Flor
> Prof. Dr. Dr.-Ing. Jivka Ovtcharova
> Prof. Dr. rer. nat. Rudi Studer
>
> Vorsitzender des Kuratoriums:
> Ministerialdirigent Günther Leßnerkraus
>
> ==============================================================
>
>
>
> -----Original Message-----
> From: Hasan [mailto:hasan@trialox.org]
> Sent: Wed 11/19/2008 11:36 AM
> To: users@felix.apache.org
> Subject: Re: Please help in enabling security
>  
> Hi again,
>
> If I put the following line in all.policy
> grant { permission java.security.AllPermission; };
>
> then I can start felix successfully.
> I hope this solves my problem starting felix with security enabled.
>
> Note, that in the slide set "Building Secure OSGi Applications"
> the line reads as follows which I think is wrong:
> grant { permission java.lang.AllPermission };
>
> Regards
> Hasan
>
> Hasan wrote:
>   
>> Dear all
>>
>> We would like to use osgi security mechanism (conditional permission 
>> admin) and thus
>> are trying to enable security when invoking felix (version 1.4.0) as 
>> follows
>>
>> $ java -Djava.security.manager -Djava.security.policy=all.policy -jar bin/felix.jar
>>
>> There were some AccessControlExceptions which we could fix by adapting
>> the java.policy file.
>> In the end, however, we got a NullPointerException as shown below.
>>
>> -- BEGIN OF FELIX ERROR MESSAGE --
>> Welcome to Felix.
>> =================
>>
>> ERROR: Unable to start system bundle. (java.lang.NullPointerException: Specified service reference cannot be null.)
>> java.lang.NullPointerException: Specified service reference cannot be null.
>>    at org.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.java:320)
>>    at org.apache.felix.main.AutoActivator.processAutoProperties(AutoActivator.java:77)
>>    at org.apache.felix.main.AutoActivator.start(AutoActivator.java:55)
>>    at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1071)
>>    at java.security.AccessController.doPrivileged(Native Method)
>>    at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:580)
>>    at org.apache.felix.framework.Felix$SystemBundleActivator.start(Felix.java:3761)
>>    at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1071)
>>    at java.security.AccessController.doPrivileged(Native Method)
>>    at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:580)
>>    at org.apache.felix.framework.Felix.init(Felix.java:849)
>>    at org.apache.felix.framework.Felix.start(Felix.java:881)
>>    at org.apache.felix.main.Main.main(Main.java:213)
>> Could not create framework: java.lang.RuntimeException: Unable to start system bundle.
>> java.lang.RuntimeException: Unable to start system bundle.
>>    at org.apache.felix.framework.Felix.init(Felix.java:857)
>>    at org.apache.felix.framework.Felix.start(Felix.java:881)
>>    at org.apache.felix.main.Main.main(Main.java:213)
>>
>> -- END OF FELIX ERROR MESSAGE --
>>
>> Any help and tips to enable security and solve this problem is highly 
>> appreciated.
>>
>> Kind regards
>> Hasan
>>
>>     
>
>   

-- 
--trialox ag--------------------------------------

  Hasan Hasan
  Binzmühlestrasse 14
  CH-8050 Zürich
  Tel: 0041-44-63 57577
  Fax: 0041-44-63 57574
  URL: http://www.trialox.ch
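
A review aid for policy files like the ones in this thread, added here as an example (not part of the original messages and not Felix project code): it lists grants that apply to all code, use AllPermission, or have a "*" target, and reports text left behind when a mail-wrapped line is only half commented out. The sample policy is constructed, the function names are hypothetical, and the parser covers only the subset of policy syntax seen in the thread (whole-line `//` comments, quoted target and actions).

```python
import re

# Constructed sample in the style of the policy files in this thread.
SAMPLE_POLICY = '''
grant { permission java.security.AllPermission; };
grant codeBase "file:${user.home}/sw/felix-1.4.0/-" {
    permission java.io.FilePermission "./felix-cache/-", "read,write,delete";
//    permission java.io.FilePermission "${user.home}/-",
"read,write,delete";
    permission java.net.SocketPermission "*",
"accept,connect,listen,resolve";
};
'''

# grant [codeBase "..."] { ... };   (body captured lazily up to the closing "};")
GRANT_RE = re.compile(r'grant\s*(?:codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
# permission <class> ["target"] [, "actions"];   (may span wrapped lines)
PERM_RE = re.compile(
    r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def strip_comments(text):
    """Remove whole-line // comments (simplification: no /* */ or trailing comments)."""
    return re.sub(r'(?m)^[ \t]*//.*$', '', text)

def audit(policy_text):
    """Return (findings, leftovers).

    findings:  (scope, permission class, reason) for AllPermission or "*" targets.
    leftovers: (scope, text) for body text that is not part of any permission entry.
    """
    findings, leftovers = [], []
    for codebase, body in GRANT_RE.findall(strip_comments(policy_text)):
        scope = codebase or "<all code>"  # no codeBase: the grant applies to all code
        for cls, target, actions in PERM_RE.findall(body):
            if cls == "java.security.AllPermission":
                findings.append((scope, cls, "grants everything"))
            elif target == "*":
                findings.append(
                    (scope, cls, "wildcard target, actions: " + (actions or "-")))
        residue = PERM_RE.sub("", body).strip()
        if residue:
            leftovers.append((scope, residue))
    return findings, leftovers

if __name__ == "__main__":
    found, left = audit(SAMPLE_POLICY)
    for row in found:
        print("BROAD   ", *row, sep=" | ")
    for row in left:
        print("UNPARSED", *row, sep=" | ")
```
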

