river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Firmstone <j...@zeus.net.au>
Subject Re: servlet based JERI
Date Mon, 15 Feb 2010 23:05:50 GMT
Hi Dennis,

Clarification see inline:

Peter Firmstone wrote:
> You place a file called permissions.perm inside a top level directory 
> in the bundle.
>
> OSGI-INF/permissions.perm
>
> The syntax is that used for java policy files.

The above statement is incorrect, my apologies, it should have read "is 
similar to that" , sorry a bit tired, it's actually a simpler more 
restricted syntax than the policy files, although it will be instantly 
recognisable to anyone used to writing policy files, permissions.perm is 
a UTF-8 encoded text file, lines beginning with # or // are comments, it 
doesn't have grants etc.  It has only one permission per line.

Here's an example of OSGI-INF/permissions.perm :

# Quick and dirty example list of required permissions for some bundle
( java.util.PropertyPermission "jsk.home" "read" )
( java.util.PropertyPermission "jsk.port" "read, write" )
( java.io.FilePermission "<<ALL FILES>>" "read" )
//eof

Without OSGi Bundles, the identical permission's might appear like this 
in some Policy file's syntax :

// The same permissions in a policy file
grant codeBase "some codebase path" {
    permission java.util.PropertyPermission "jsk.home", "read";
    permission java.util.PropertyPermission "jsk.port", "read, write";
    permission java.io.FilePermission "<<ALL FILES>>", "read";
};
//eof

http://www.osgi.org/javadoc/r4v42/org/osgi/service/permissionadmin/PermissionInfo.html
>
> The format is the same as the encoded format of PermissionInfo for 
> that permission.
>
> The framework limits the permissions to this set, less permissions may 
> be granted of course, dependant on the bundle signer.
>
> Cheers,
>
> Peter.
>
> Dennis Reedy wrote:
>> On Feb 14, 2010, at 524PM, Peter Firmstone wrote:
>>
>>  
>>> I guess it could be designed in by noting what permissions are 
>>> required in the source code. It is possible that the tool might miss 
>>> a permission based on the execution path.  That's one thing I like 
>>> about OSGi bundles, the author of the bundle specifies the 
>>> permissions required to execute the code in the bundle.
>>>
>>>     
>>
>> I guess I could research this, but its easier to ask :)
>>
>> Can you give me example(s) of what bundle declared permissions look 
>> like?
>>
>> Thanks
>>
>> Dennis
>>
>>
>>   
>
>


Mime
View raw message