Some hints for setting up OSGi security for Felix can be found here: http://wiki.trialox.org/confluence/display/DEV/OSGi+security+in+felix
Once the felix.framework.security bundle is installed, the steps are as follows.
1. Bind the ConditionalPermissionAdmin in your bundle:
    // Called by the SCR when a ConditionalPermissionAdmin service becomes available
    protected void bindConditionalPermissionAdmin(ConditionalPermissionAdmin cpa) {
        System.out.println("Binding ConditionalPermissionAdmin");
        this.cpa = cpa;
    }
2. To make the binding work, you have to add the following lines to your code:
     * @scr.component
     * @scr.reference name="conditionalPermissionAdmin"
     * cardinality="0..n" policy="dynamic"
     * interface="org.osgi.service.condpermadmin.ConditionalPermissionAdmin"
These lines provide information for the SCR, which is read when the bundle is installed.
3. The SCR has to be installed separately, so install it with the following line:
start http://mirror.switch.ch/mirror/apache/dist/felix/org.apache.felix.scr-1.0.6.jar
4. Now you need to give your bundles and the Felix bundles all permissions. The problem is that your bundle depends on the SCR, so it cannot grant the permissions, because the SCR does not have the permissions at this time.
The solution is to create a new PrivilegedAction that grants all the needed permissions.
Here is a code example that gives the bundle with the id 0 all permissions:
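    import java.security.AccessController;
    import java.security.AllPermission;
    import java.security.PrivilegedAction;
    import org.osgi.service.condpermadmin.BundleLocationCondition;
    import org.osgi.service.condpermadmin.ConditionInfo;
    import org.osgi.service.permissionadmin.PermissionInfo;

    // cpa is the bound ConditionalPermissionAdmin, context the component's context
    AccessController.doPrivileged(new PrivilegedAction<Object>() {
        @Override
        public Object run() {
            // Condition: the bundle's location equals the location of bundle 0 (the system bundle)
            cpa.addConditionalPermissionInfo(
                new ConditionInfo[]{
                    new ConditionInfo(BundleLocationCondition.class.getName(),
                        new String[]{context.getBundleContext().getBundle(0).getLocation()})
                },
                new PermissionInfo[]{
                    new PermissionInfo(AllPermission.class.getName(), "", "")
                });
            return null; // run() must return a value
        }
    });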
5. If you try to manually bind another ConditionalPermissionAdmin, Felix throws an exception. Otherwise malicious bundles could grant themselves permissions and, for example, format your hard drive.
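Step 4 calls for all permissions on your own bundles and the Felix bundles, while the snippet there covers only bundle 0. The following added example (not code from the original page or from Felix) applies the same call to an explicit allowlist and returns the locations it granted, so the result can be logged and reviewed. The class name TrustedBundleGrants and the symbolic names in TRUSTED are assumptions; replace them with the bundles you actually trust.

```java
import java.security.AccessController;
import java.security.AllPermission;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.service.condpermadmin.BundleLocationCondition;
import org.osgi.service.condpermadmin.ConditionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.permissionadmin.PermissionInfo;

/** Hypothetical helper: grants AllPermission only to an explicit allowlist of bundles. */
public final class TrustedBundleGrants {
    // Assumed allowlist of Bundle-SymbolicName values; adjust to your deployment.
    static final Set<String> TRUSTED = new HashSet<String>(Arrays.asList(
            "org.apache.felix.scr", "com.example.mybundle"));

    /** Returns the bundle locations that received AllPermission. */
    public static List<String> grant(final ConditionalPermissionAdmin cpa, final BundleContext ctx) {
        return AccessController.doPrivileged(new PrivilegedAction<List<String>>() {
            @Override
            public List<String> run() {
                List<String> granted = new ArrayList<String>();
                for (Bundle b : ctx.getBundles()) {
                    // Bundle 0 is the system bundle; every other bundle must be on the allowlist.
                    boolean trusted = b.getBundleId() == 0 || TRUSTED.contains(b.getSymbolicName());
                    if (!trusted) {
                        continue; // this helper adds no AllPermission entry for other bundles
                    }
                    cpa.addConditionalPermissionInfo(
                            new ConditionInfo[] { new ConditionInfo(
                                    BundleLocationCondition.class.getName(),
                                    new String[] { b.getLocation() }) },
                            new PermissionInfo[] { new PermissionInfo(
                                    AllPermission.class.getName(), "", "") });
                    granted.add(b.getLocation());
                }
                return granted;
            }
        });
    }
}
```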
Useful Links:
A discussion about Felix security on the mailing list between Hasan, Pierre Parrend and Karl Pauls http://www.mail-archive.com/users@felix.apache.org/msg02606.html