river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Firmstone <j...@zeus.net.au>
Subject Re: servlet based JERI
Date Mon, 15 Feb 2010 23:05:50 GMT
Hi Dennis,

Clarification see inline:

Peter Firmstone wrote:
> You place a file called permissions.perm inside a top level directory 
> in the bundle.
> OSGI-INF/permissions.perm
> The syntax is that used for java policy files.

The above statement is incorrect, my apologies, it should have read "is 
similar to that" , sorry a bit tired, it's actually a simpler more 
restricted syntax than the policy files, although it will be instantly 
recognisable to anyone used to writing policy files, permissions.perm is 
a UTF-8 encoded text file, lines beginning with # or // are comments, it 
doesn't have grants etc.  It has only one permission per line.

Here's an example of OSGI-INF/permissions.perm :

# Quick and dirty example list of required permissions for some bundle
( java.util.PropertyPermission "jsk.home" "read" )
( java.util.PropertyPermission "jsk.port" "read, write" )
( java.io.FilePermission "<<ALL FILES>>" "read" )

Without OSGi Bundles, the identical permission's might appear like this 
in some Policy file's syntax :

// The same permissions in a policy file
grant codeBase "some codebase path" {
    permission java.util.PropertyPermission "jsk.home", "read";
    permission java.util.PropertyPermission "jsk.port", "read, write";
    permission java.io.FilePermission "<<ALL FILES>>", "read";

> The format is the same as the encoded format of PermissionInfo for 
> that permission.
> The framework limits the permissions to this set, less permissions may 
> be granted of course, dependant on the bundle signer.
> Cheers,
> Peter.
> Dennis Reedy wrote:
>> On Feb 14, 2010, at 524PM, Peter Firmstone wrote:
>>> I guess it could be designed in by noting what permissions are 
>>> required in the source code. It is possible that the tool might miss 
>>> a permission based on the execution path.  That's one thing I like 
>>> about OSGi bundles, the author of the bundle specifies the 
>>> permissions required to execute the code in the bundle.
>> I guess I could research this, but its easier to ask :)
>> Can you give me example(s) of what bundle declared permissions look 
>> like?
>> Thanks
>> Dennis

View raw message