I am about to make a enterprise cloud OSGi web-service by using Apache Geronimo V3.0.

The final goal is to make custom BundleManager(maybe it is a bundle too) that can do simple bundle action like install/uninstall/start/stop the other bundles from any users.

Each bundle is WAB(web application bundle) and will be added in some Application Bundle.

But I encounter some critical problems which can cause security issues.


1. Although only BundleManager I want to make can manage the bundle's lifecycle by using BundleContext , but any bundles made by some users can use BundleContext in Activator or any  servlet in their bundles. So, for example, Bundle A(from user1) can get Bundle B(from user2) from BundleContext and Bundle A can stop or uninstall Bundle B with no permission though Bundle A is not BundleManager..


2. I used to run java security manager and manipulate its(Bundle A) permission. but it didn't properly work. Besides I can access Geronimo Web Admin console with no login process . I think that allpermission in the policy file cause this situation.


How can I achieve my goal. I heard that Composite bundle can isolate bundles, but Geronimo didn't support Composite Bundle(CBA). I really wait and appreciate all ideas. Thanks for all your help in advance :)