[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Enabling security in Equinox

Hello Tom,

On Oct 28, 2009, at 22:46 , Tom Hsu wrote:

I have an usecase in which we'd like to secure the behavior of some particular bundles at runtime. We have an OSGi equinox application that will install custom bundles during runtime and execute code from those custom bundles. We'd like to restrict the execution of those code to specified work directories for security reasons.

I have searched for a morning about a quickstart guide to enable java.policy style permissions for installed bundles by the OSGi equinox fwk. But I have not found any easy documentation besides osgi specifications on Admin permission and conditional admin services. Can someone point me to some documentation?

In short, I want to restrict runtime-installed bundles to have limited IO privileges. Thanks.

Last year at EclipseCon, Karl Pauls and I did a workshop on secure OSGi applications. Amongst other things we discussed how to run both Equinox and Felix with security. There are slides in the PDF that explain the command line options you need.


http://felix.apache.org/site/presentations.data/Building%20Secure%20OSGi%20Applications%20Workshop.pdf

Small disclaimer, this information is over a year old and might be a bit outdated here and there, but still it might be a good starting point.

Greetings, Marcel