karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Achim Nierbeck (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-3400) Enabling Java System Security and OSGi security leaves Karaf in unusable state
Date Thu, 04 Dec 2014 21:31:13 GMT
Achim Nierbeck created KARAF-3400:
-------------------------------------

             Summary: Enabling Java System Security and OSGi security leaves Karaf in unusable
state
                 Key: KARAF-3400
                 URL: https://issues.apache.org/jira/browse/KARAF-3400
             Project: Karaf
          Issue Type: Bug
          Components: karaf-core
    Affects Versions: 4.0.0.M1, 3.0.2
            Reporter: Achim Nierbeck


It seems to boil down to the new functionalities of OSGi, like Bundle Adapt fails with the
default security configuration 

{code}
java.security.AccessControlException: access denied ("org.osgi.framework.AdaptPermission"
"org.osgi.framework.wiring.BundleRevision" "adapt")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
	at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
	at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
	at java.security.AccessController.doPrivileged(Native Method)
{code}

Just switch framework to equinox and enable the security params in etc/system.properties

{code}
#
# By default, only Karaf shell commands are secured, but additional services can be
#
# To enable OSGi security, uncomment the properties below,
# install the framework-security feature and restart.
#
java.security.policy=${karaf.etc}/all.policy
org.osgi.framework.security=osgi
org.osgi.framework.trust.repositories=${karaf.etc}/trustStore.ks
{code}

This also happens with Felix but needs the additional Felix.Security bundle to be installed.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message