Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [equinox-dev] Conditional Permission are not being checked

That is a rather old version of Equinox 3.5 (M1). Go to http://download.eclipse.org/equinox/ to see all the versions available and download 3.5 M7.
--

BJ Hargrave
Senior Technical Staff Member, IBM
OSGi Fellow and CTO of the
OSGi Alliance
hargrave@xxxxxxxxxx

office: +1 386 848 1781
mobile: +1 386 848 3788




From: "David Conde" <dconde@xxxxxxxx>
To: "'Equinox development mailing list'" <equinox-dev@xxxxxxxxxxx>
Date: 2009/05/07 04:32
Subject: RE: [equinox-dev] Conditional Permission are not being checked
Sent by: equinox-dev-bounces@xxxxxxxxxxx





I am sorry, I found the new version 3.5 of Equinox in http://www.eclipse.org/downloads/download.php?file=/equinox/drops/S-3.5M1-200808071402/org.eclipse.osgi_3.5.0.v20080804-1730.jar
 
So I will try with this one and I will write back the results.
 
David
 
De: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx] En nombre de David Conde
Enviado el:
jueves, 07 de mayo de 2009 10:26
Para:
'Equinox development mailing list'
Asunto:
RE: [equinox-dev] Conditional Permission are not being checked

 
Hi again, where I can get Equinox 3.5 I tried to get from http://download.eclipse.org/equinox/drops/R-3.4.2-200902111700/index.php, but there is just to version 3.4 to download.
 
I do not know really the problem and If I am missing something, I have a Permission Manager, who grant to itself ALLPERMISSION, and in this bundle we fix a BundleLocationCondition in order that my bundle
 
file:C:\\equinoxv34\\clientserviceconditional.jar is the only one who can Get the Service from ServiceConditional. Am I wrong? What option do I have to write when I launch Equinox in console way?
 
cpa.addConditionalPermissionInfo(
new
ConditionInfo[]{
new
ConditionInfo(
BundleLocationCondition.
class.getName(),
new


String[]{
"file:C:\\equinoxv34\\clientserviceconditional.jar"})
},

new
PermissionInfo[]{
new
PermissionInfo
(ServicePermission.
class.getName(),"dconde.osgi.serviceconditional.ServiceConditional","GET")

});

Thank you very much in advance
 
 
 
De: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx] En nombre de Thomas Watson
Enviado el:
miércoles, 06 de mayo de 2009 18:52
Para:
Equinox development mailing list
Asunto:
Re: [equinox-dev] Conditional Permission are not being checked

 

Can you try this on 3.5? The OSGi R4.2 specification (implemented in Equinox 3.5) made a clarification about when the default permissions from PermissionAdmin are used in the presence of the ConditionalPermissionAdmin service.

The default default permissions for PermissionAdmin is AllPermissions. In Equinox 3.4 we would fall back to the PermissionAdmin default permissions if none of the conditions from the ConditionalPermissionAdmin table were satisfied for a particular bundle. The OSGi R4.2 specification has been clarified such that the PermissionAdmin default permissions are ONLY used if the condition table is COMPLETELY empty. Once you add a single condition to the table then bundles must not be granted the PermissionAdmin default permissions.

In 3.4 you should set the PermissionAdmin default permissions to a restricted set of permissions or you could set another condition with ConditionalPermissionAdmin which restricts the permissions for all bundle locations.

Tom



Inactive hide details for "David Conde" ---05/06/2009 11:08:03 AM---Hi,"David Conde" ---05/06/2009 11:08:03 AM---Hi,


From:

"David Conde" <dconde@xxxxxxxx>

To:

<equinox-dev@xxxxxxxxxxx>

Date:

05/06/2009 11:08 AM

Subject:

[equinox-dev] Conditional Permission are not being checked






Hi,

I am trying to check Conditional Permssion Admin SErvice in Equinox. For this reason, I create a Bundle consumer, another one called service and another called PermissionManager who will implement the Conditional Permissions for the consumer.

The problem is that I do not get any exception when I try to get the service from another location different from my allowed one.

My PermissionManager implements BundleActivator and get the service ConditionalPermissionAdmin from the framework in the start method, finally is shown below:

private
ConditionalPermissionAdmin cpa;

condPermRef
= context.getServiceReference(ConditionalPermissionAdmin.class.getName());

cpa
=(ConditionalPermissionAdmin) context.getService(condPermRef);

AccessController.doPrivileged(
new PrivilegedAction() {
public
Object run() {
cpa
.addConditionalPermissionInfo(new ConditionInfo[]{
new
ConditionInfo(BundleLocationCondition.class.getName(),
new

String[]{context.getBundle().getLocation()})
},

new
PermissionInfo[]{
new
PermissionInfo(
AllPermission.
class.getName(), "", "")
});


cpa
.addConditionalPermissionInfo(
new
ConditionInfo[]{
new
ConditionInfo(
BundleLocationCondition.
class.getName(),
new


String[]{
"file:C:\\equinoxv34\\clientserviceconditional.jar"})
},

new
PermissionInfo[]{
new
PermissionInfo
(ServicePermission.
class.getName(),"dconde.osgi.serviceconditional.ServiceConditional","GET")

});

// Add other permissions

return
null; // nothing to return
}
});


If I try to get the Service from another consumer in another location no exception is thrown, and I do not really know what I am missing. What do I need to apply Conditional Permission?

I am not applying as the same time Local Permission with permissions.perm, Does this have something to do with my results?

I am launching Equinox in this way:

java -Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager -Djava.security.policy=policy.policy -jar org.eclipse.osgi_3.4.3.R34x_v20081215-1030.jar –console

Any advice will be helpful

Thanks in advance

David

_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx

https://dev.eclipse.org/mailman/listinfo/equinox-dev_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev


Back to the top