geronimo-user mailing list archives

Subject OSGi Bundle Permissions on Geronimo
Date Thu, 30 Aug 2012 00:27:24 GMT
I am about to make an enterprise cloud OSGi web service by using Apache
Geronimo V3.0.

The final goal is to make a custom BundleManager (maybe it is a bundle too)
that can do simple bundle actions like install/uninstall/start/stop on the other
bundles from any users.

Each bundle is a WAB (web application bundle) and will be added to some
Application Bundle.

But I have encountered some critical problems which can cause security issues.


1. Although I want only the BundleManager I make to manage a bundle's
lifecycle by using BundleContext, any bundle made by a user can use
BundleContext in its Activator or in any servlet in the bundle. So, for
example, Bundle A (from user1) can get Bundle B (from user2) from
BundleContext, and Bundle A can stop or uninstall Bundle B with no permission
even though Bundle A is not the BundleManager.


2. I ran the Java security manager and manipulated its (Bundle A's)
permissions, but it didn't work properly. Besides, I can access the Geronimo Web
Admin console with no login process. I think that allpermission in the
policy file causes this situation.


How can I achieve my goal? I heard that a Composite Bundle can isolate
bundles, but Geronimo didn't support Composite Bundle (CBA). I am waiting for
and would really appreciate all ideas. Thanks for all your help in advance :)
