felix-users mailing list archives

From Robert Onslow <robert.ons...@gmail.com>
Subject ConditionalPermissionAdmin tutorial
Date Mon, 14 Sep 2015 13:05:56 GMT
I have managed to piece together the following approach to implementing
security in OSGi.

First, apply some VM arguments:

  -Dorg.osgi.framework.security="osgi" -Dosgi.signedcontent.support=true -Djava.security.policy=policy.all

Next, install the org.apache.felix.framework bundle
felix.conf:
felix.auto.start.1=file:/boot/org.apache.felix.framework.security-2.4.0.jar

Then it is necessary to create a new bundle with an activator which looks
for a ConditionalPermissionAdmin, on which the permissions will be
registered.


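  package application.security;

  import java.util.List;
  import org.osgi.framework.BundleActivator;
  import org.osgi.framework.BundleContext;
  import org.osgi.framework.ServiceReference;
  import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
  import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
  import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;

  public class Activator implements BundleActivator {

    public void start(BundleContext context) {

      ServiceReference<ConditionalPermissionAdmin> ref =
          context.getServiceReference(ConditionalPermissionAdmin.class);
      // this is returning null - the ConditionalPermissionAdmin service has not started

      ConditionalPermissionAdmin admin = context.getService(ref);

      // the editable copy of the permission table comes from an update object
      ConditionalPermissionUpdate update = admin.newConditionalPermissionUpdate();
      List<ConditionalPermissionInfo> infos = update.getConditionalPermissionInfos();

      infos.clear();

      // condition and permission class names in the encoded form are fully qualified
      infos.add(admin.newConditionalPermissionInfo(
          "ALLOW { [org.osgi.service.condpermadmin.BundleSignerCondition \"cn=myorgname\"] (java.security.AllPermission) }"));
      ...
    }

    public void stop(BundleContext context) {
    }
  }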

Ensure this is started after the security bundle:

felix.auto.start.2=file:./boot/myapplication.security_1.0.0.jar

However the ConditionalPermissionAdmin service, which I am expecting to
start, is not starting. The org.apache.felix.framework.security bundle is
listed as "Resolved" but not "Active". The service reference is returning
null.


I think the problem may lie in the fact that
org.apache.felix.framework.security is an "extension" bundle, not a
"service" bundle. I can find some information about extension bundles in
the OSGi specs but what I can't find are instructions as to how to start a
service in an extension bundle in Felix.

Can anyone help?

Thanks

Robert
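
A defensive variant of the activator in the message above, added here as an example and not part of the original post: it refuses to start when no ConditionalPermissionAdmin service is registered (the situation the message describes), so the application never runs with an uninstalled policy, and it checks the result of the commit. It assumes the org.osgi.service.condpermadmin API 1.1 or later; the retry limit of 3 and the exception messages are arbitrary choices.

```java
package application.security;

import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;

public class Activator implements BundleActivator {
    // Signer DN taken from the message; class names are fully qualified.
    private static final String TRUSTED_SIGNER_ROW =
        "ALLOW { [org.osgi.service.condpermadmin.BundleSignerCondition \"cn=myorgname\"]"
        + " (java.security.AllPermission) }";

    @Override
    public void start(BundleContext context) {
        ServiceReference<ConditionalPermissionAdmin> ref =
            context.getServiceReference(ConditionalPermissionAdmin.class);
        if (ref == null) {
            // Fail closed: without the service no policy can be installed.
            throw new IllegalStateException("ConditionalPermissionAdmin not registered");
        }
        ConditionalPermissionAdmin admin = context.getService(ref);
        if (admin == null) {
            throw new IllegalStateException("ConditionalPermissionAdmin went away");
        }
        try {
            boolean committed = false;
            for (int attempt = 0; attempt < 3 && !committed; attempt++) {
                // Each update works on a snapshot of the permission table.
                ConditionalPermissionUpdate update = admin.newConditionalPermissionUpdate();
                List<ConditionalPermissionInfo> rows = update.getConditionalPermissionInfos();
                rows.clear();
                rows.add(admin.newConditionalPermissionInfo(TRUSTED_SIGNER_ROW));
                // commit() returns false if the table changed after the snapshot.
                committed = update.commit();
            }
            if (!committed) {
                throw new IllegalStateException("permission table not committed");
            }
        } finally {
            context.ungetService(ref);
        }
    }

    @Override
    public void stop(BundleContext context) {
    }
}
```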
