[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [equinox-dev] Problem with custom local permissions

Hi, I have been trying some changes and I think that I could be because I
have not implemented well my Permission class:

MyPermission class extends from permission and it is implemented as shown
below:


public class PlatformConfigurationPermission extends Permission implements
Serializable {
	private String LOG_PROPERTIES_FILE =
System.getProperty("log4jAdaptorfile");
    private Log4jAdaptor log = new Log4jAdaptor
(LOG_PROPERTIES_FILE,this.getClass()); 
	
	public static final String READ_VALUE = "readValue";
	 
	
	private final int READ_VALUE_MASK = 0x01;
	 
	
	public static final String WRITE_VALUE = "writeValue";
	 
	
	private final int WRITE_VALUE_MASK = 0x02;
	 
	
	private int actions;
	 
	static public final String PERMISSION_NAME =
"PlatformConfigurationPermission";
	
	
	public PlatformConfigurationPermission(String action) 
			throws IllegalArgumentException {
		
Action = Permission_NAME
		super (PERMISSION_NAME); 
		String temp[];
		actions =0;
		temp= action.split(",");
		
		for (int i=0;i<temp.length;i++) {
		   if ((temp[i].equalsIgnoreCase(READ_VALUE))
	
||(temp[i].equalsIgnoreCase(WRITE_VALUE))) {
			  if (temp[i].equals(READ_VALUE)) {	
				actions = actions | 0x01;
			  } else {
				actions = actions |0x02;
			  }		
		   } else if (temp[i].equalsIgnoreCase(PERMISSION_NAME)) {
//No se debería poner esto
			   
		   } else {
			   System.out.println ("Unknown Action: "+action);
			   log.error("Unknown Action: "+action);
			   throw new
IllegalArgumentException("UnknownAction");
		   }
		}		
	}
	
	
	public String getActions() {
		//String result ="";
		String result = new String();
		if ((actions & READ_VALUE_MASK) == READ_VALUE_MASK) {
			result = result + READ_VALUE + ",";
		}
		if ((actions & WRITE_VALUE_MASK) == WRITE_VALUE_MASK) {
			result = result + WRITE_VALUE + ",";	
		}
		System.out.println (result.substring(0, result.length()-1));
		/* Devuelve la cadena quitando la coma del final */
		
		return result.substring(0, result.length()-1); 
		
	 }
	 
	 
	public boolean equals(Object obj) {
		if (obj == null) {
		      return false;
		}      
		if (!getClass().equals(obj.getClass())) {
		      return false;
		}      
		PlatformConfigurationPermission b =
(PlatformConfigurationPermission) obj;
		return actions==b.actions;	
	}
	
	
	public boolean implies( Permission p){	
		if (p == null){
			return false;	
		}
		if (!getClass().equals(p.getClass())) {
			return false;	
		}
	    PlatformConfigurationPermission b =
(PlatformConfigurationPermission) p;	 
	    return ((b.actions & actions) == b.actions);	   
	}
	
	
	public int hashCode() {
	    return getName().hashCode();
	} 
}


If I introduce in my permissions.perm file the next line which matches with
the text shown in the exception:
(es.citic.osgi.system.platformConfiguration.PlatformConfigurationPermission
"PlatformConfigurationPermission" "writeValue")

The Exception which was got is:
 Java.security.AccessControlException: Access denied
 
(es.citic.osgi.system.platformConfiguration.PlatoformConfigurationPermission
 PlatformConfigurationPermission writeValue)


What am I missing anything?



Where could I see the UserAdminPermission or ServicePermission source code
so that I can implementent my Permission classes as them?


I have tried with another own permission class and the result is the mine,
so please I would like to see the code to implement my own services so that
they can work in Equinox framework as Local Permission.

With normal permission as FilePermission, ServicePermission, which were not
developed by me Equinox Works perfectly.

Thank you in advance

Any tips or thought will be welcomed



-----Mensaje original-----
De: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx]
En nombre de dconde@xxxxxxxx
Enviado el: domingo, 06 de septiembre de 2009 21:08
Para: Equinox development mailing list
Asunto: Re: [equinox-dev] Problem with custom local permissions

Hi again,

Maybe what I am trying to do which was explained in my previous thread is
not possible. I would like to know if it is possible to specify custom
permissions as local permission setting them in permission.perm file or do
I have to specify them by program in the same way as conditional
permissions?

I have created a custom permission class called MyPermission class which
extends from java.security.Permission and I have tried set them in a
permissions.perm file as local permissions, is this possible?

Thank you in advance




> Hi,
>
> I did not write any bundle which neither reads the permissions nor parses
> the text into PermissionInfo. I supposed that I could work in the same way
> that I worked with other permissions different to custom permissions, I
> mean , I created a policy.policy file where I set ALLPermissions
>
> grant {
> permission java.security.AllPermission;
> };
>
> then I launched Equinox with SecurityManager in the command line
>
>
>
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSe
> curityManager
> -Djava.security.policy=policy
>
> and placed the OSGI-INF folder with permissions.perm file into the bundle
> directory, what I do not understand is why I have to do what you explained
> me if I did not do when I did not use custom permissions. I mean, are
> custom permission dealed in different way as ServicePermission or
> FilePermission?
>
>
> I have done some tests with local permissions without using custom
> permissions and I did not have to create any bundle which read the
> permissions.perm file nor parse the text into PermissionInfo.
>
> Is there some example about how I have to do this?
>
> Thank you in advance
>
>
>> Have you written (or installed) a bundle which reads the
>> permissions.perm
>> file, parses the text into PermissionInfos and calls either
>> PermissionAdmin or ConditionalPermissionAdmin to set the permissions of
>> the bundle?
>>
>> permissions.perm files are not read by the framework. You need s
>> security
>> policy bundle installed (for example, as I describe above) to set bundle
>> permissions. The framework is policy free.
>> --
>>
>> BJ Hargrave
>> Senior Technical Staff Member, IBM
>> OSGi Fellow and CTO of the OSGi Alliance
>> hargrave@xxxxxxxxxx
>>
>> office: +1 386 848 1781
>> mobile: +1 386 848 3788
>>
>>
>>
>>
>> From:
>> "David Conde" <dconde@xxxxxxxx>
>> To:
>> "'Equinox development mailing list'" <equinox-dev@xxxxxxxxxxx>
>> Date:
>> 2009/09/04 07:59
>> Subject:
>> [equinox-dev] Problem with custom local permissions
>> Sent by:
>> equinox-dev-bounces@xxxxxxxxxxx
>>
>>
>>
>> Hi,
>>
>> I have the next scenario:
>> Bundle Service which has a method called addVALUE as  shown:
>>
>> public boolean addValue(String key, Object value) {
>>
>>             SecurityManager security = System.getSecurityManager();
>>           if (security != null) {
>>             security.checkPermission(new
>> PlatformConfigurationPermission(
>>                     PlatformConfigurationPermission.WRITE_VALUE));
>>           }
>>
>> }
>>
>> The problem is that other  bundle  called consumer which has the next
>> permissions.perm file, tries to call this method getting the Security
>> Exception shown below:
>>
>> #TestPlatformConfiguration Permissions File
>> (java.io.FilePermission "C:\TestingLog3.log" "write")
>>
(es.citic.osgi.system.platformConfiguration.PlatformConfigurationPermission
>> "PlatformConfigurationPermission" "writeValue")
>>
>>
>> The Exception which was got is:
>> Java.security.AccessControlException: Access denied
>>
(es.citic.osgi.system.platformConfiguration.PlatoformConfigurationPermission
>> PlatformConfigurationPermission writeValue)
>>
>>
>> My PlatformConfigurationPermission class extends from Permission.
>>
>> What am I missing in this implementation?
>>
>> It looks like as does not recognice what I am writing in the
>> permission.perm file.
>>
>> Any idea
>>
>> Thank you in advance
>>
>> David_______________________________________________
>> equinox-dev mailing list
>> equinox-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/equinox-dev
>>
>> _______________________________________________
>> equinox-dev mailing list
>> equinox-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/equinox-dev
>>
>
>
> _______________________________________________
> equinox-dev mailing list
> equinox-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/equinox-dev
>
>


_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev