felix-users mailing list archives

From Karl Pauls <karlpa...@gmail.com>
Subject Re: Problem with Felix security and bundle policies
Date Thu, 23 Jan 2014 12:49:02 GMT
It's very hard to say - if you can make a simple example available to me I
can have a look. Otherwise, if there are no other exceptions/print-outs and
you are sure your rules are syntactically correct and should match then I
don't know either. The one thing to make sure is that you really have the
self-signed certificate in that keystore as a _trusted certificate_ -
otherwise it will not work.

regards,

Karl


On Thu, Jan 23, 2014 at 11:59 AM, felixandre <andrea.carlinoa@gmail.com> wrote:

> I had also tried to invert the order of the rules, but without success...
> This is the rule (added before the DENY rule):
>
> ALLOW {
>    [org.osgi.service.condpermadmin.BundleSignerCondition "CN=xxx, O=xxx, OU=xxx, L=xxxxx C=xx"]
>    ( java.io.FilePermission "*" "read, write")
> } "We allow signed bundles to write file"
>
> Moreover, to be sure, I verified the jar signature with jarsigner -verify
> myjar.jar -verbose -certs and all the fields match. I run Felix with all
> the needed properties (afaik):
>
> java -Dorg.osgi.framework.security=osgi -Djava.security.policy=all.policy
> -Dfelix.keystore=file:myks.jks -Dfelix.keystore.pass=mypwd
> -Dfelix.keystore.type=jks -jar bin/felix.jar
>
> The signature was a "selfsigned" signature, could this be the problem? I
> think it isn't, but what can be the problem then?


-- 
Karl Pauls
karlpauls@gmail.com
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls
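
Added example, not part of the thread or of the Felix project: a shell check for the point made in the reply, that the self-signed signer certificate must be present in the keystore passed via `-Dfelix.keystore` as a trusted certificate entry. `myks.jks` is the keystore from the quoted command line; `signing.jks`, the alias `signer` and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. myks.jks is the keystore named in the
# quoted command line; signing.jks and the alias "signer" are hypothetical.

# Constructed sample of `keytool -list -keystore myks.jks` output: the same
# self-signed certificate present once as a key entry, once as a trusted cert.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

signer, Jan 23, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
signer-trusted, Jan 23, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
EOF
}

# Print the aliases that a keytool listing (stdin) marks as trustedCertEntry.
# Entry lines have the form "<alias>, <date>, <entry type>,".
trusted_aliases() {
    sed -n 's/^\([^,]*\),.*trustedCertEntry,[[:space:]]*$/\1/p'
}

# Succeed only if alias $1 is a trusted certificate entry in the listing.
# A PrivateKeyEntry holding the same certificate is not reported.
is_trusted() {
    trusted_aliases | grep -Fxq -- "$1"
}

# Copy the signing certificate (public part only) into the keystore Felix
# reads via -Dfelix.keystore. keytool shows the fingerprint and asks for
# confirmation before adding it as a trusted certificate.
# usage: import_as_trusted signing.jks signer myks.jks
import_as_trusted() {
    keytool -exportcert -keystore "$1" -alias "$2" -file "$2.cer" &&
    keytool -importcert -keystore "$3" -alias "$2-trusted" -file "$2.cer"
}

# Typical check against the real keystore:
#   keytool -list -keystore myks.jks | is_trusted signer-trusted && echo ok
```
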