[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
re: [equinox-dev] OSGi and Security

Hi,

Your question:
"So, the question is whether or not I can somehow set up a condition that
allows me to specify that particular services can only come from
particular bundles without having to then explicitly allow specific
services from all other bundles."

In order to do what you want to do, I believe you would need to first turn
on the OSGI Security Manager.  That means all the deployed bundles
supposely should have a OSGI-INF/permissions.perm file.  The
permissions.perm file  specify the permissions its bundle can have.  If
there is no permissions.perm file for a bundle, the bundle would have
AllPermission by default for its local permissions.
I think It is then possible to write a custom condition.   For example,
let's say you have special bundles that are signed by A and all other
bundles are signed by B. Also, let's suppose the service is com.acme.foo.
For this example, you would just need to setup a signer condition granting
the 'get, register' ServicePermission permission of com.acme.foo to the
special bundles.  In addition, you need to setup another condition just
granting the 'get' ServicePermission to all other bundles.

I believe this should help accomplish what want to do. Please let me know
otherwise.

-Eric


                                                                           
             equinox-dev-reque                                             
             st@xxxxxxxxxxx                                                
             Sent by:                                                   To 
             equinox-dev-bounc         equinox-dev@xxxxxxxxxxx             
             es@xxxxxxxxxxx                                             cc 
                                                                           
                                                                   Subject 
             08/30/2006 12:00          equinox-dev Digest, Vol 16, Issue   
             PM                        20                                  
                                                                           
                                                                           
             Please respond to                                             
             equinox-dev@eclip                                             
                  se.org                                                   
                                                                           
                                                                           




Send equinox-dev mailing list submissions to
             equinox-dev@xxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
             https://dev.eclipse.org/mailman/listinfo/equinox-dev
or, via email, send a message with subject or body 'help' to
             equinox-dev-request@xxxxxxxxxxx

You can reach the person managing the list at
             equinox-dev-owner@xxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of equinox-dev digest..."


Today's Topics:

   1. OSGi and Security (John Wells)


----------------------------------------------------------------------

Message: 1
Date: Tue, 29 Aug 2006 10:22:16 -0700
From: "John Wells" <jwells@xxxxxxx>
Subject: [equinox-dev] OSGi and Security
To: "Equinox development mailing list" <equinox-dev@xxxxxxxxxxx>
Message-ID:

<027627FF51944F4696C7D35391315FB702140879@xxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

I want to allow only specific bundles to offer particular services.  For
example, suppose I have a service "com.acme.Foo" that I want to be sure
is only available from one of three particular signed bundles.

How can I do this with the OSGi Security (either Conditional (chapter 9)
or not (chapter 10))?

The trouble with this, of course, is that I want all other bundles to be
allowed to REGISTER any other services without having any knowledge of
what those services might be beforehand (and without having to force
them to explicitly allow for any service they might want to offer in
their security files).

So, the question is whether or not I can somehow set up a condition that
allows me to specify that particular services can only come from
particular bundles without having to then explicitly allow specific
services from all other bundles.

Thanks in advance for your help!


John Wells (Aziz)

jwells@xxxxxxxxxxxxx

_______________________________________________________________________
Notice:  This email message, together with any attachments, may contain
information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
entities,  that may be confidential,  proprietary,  copyrighted  and/or
legally privileged, and is intended solely for the use of the individual
or entity named in this message. If you are not the intended recipient,
and have received this message in error, please immediately return this
by email and then delete it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://eclipse.org/pipermail/equinox-dev/attachments/20060829/126acc92/attachment.html


------------------------------

_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev


End of equinox-dev Digest, Vol 16, Issue 20
*******************************************