Posted to users@felix.apache.org by Elvy <pi...@gmail.com> on 2011/02/23 16:39:18 UTC

My Permission is always allowed from Event Dispatching Thread

Hello,

I'm having an issue with permission checking.

I noticed that my permission is correctly [allowed | denied] when checked
outside the AWT EDT thread, whereas it is always allowed when checked within
the EDT (through invokeLater, invokeAndWait, or even button click
callbacks).

I've enclosed a fully working FELIX 3.0.8 environment along with sources.
Just execute the run.bat file and check the output on the console.

One can edit the test.policy file which is in the conf folder to either
allow or deny the DummyPermission. 

Any idea why the permission is always allowed in the EDT?

http://old.nabble.com/file/p30995963/felix3.0.8_permission_EDT_test.zip
felix3.0.8_permission_EDT_test.zip 

-----
Tell me something you don't know!
-- 
View this message in context: http://old.nabble.com/My-Permission-is-always-allowed-from-Event-Dispatching-Thread-tp30995963p30995963.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org


Re: My Permission is always allowed from Event Dispatching Thread

Posted by Elvy <pi...@gmail.com>.

Karl Pauls wrote:
> 
> your problem is that you didn't install the framework.security
> extension.
> 

By simply installing the "Framework Security" bundle v1.4.1 (see
http://felix.apache.org/site/downloads.cgi Felix download section), my
permission is now correctly denied from the EDT thread. So far, so good.

I had a look at the
https://cwiki.apache.org/confluence/display/FELIX/Apache+Felix+Framework+Security
documentation page and it hasn't been updated since 10 Jan 2010! There,
it is stated that 3 properties should be set:

 - org.osgi.framework.security="osgi" : I didn't have to set this property
for my test to work. Is this really mandatory? What other values exist?

 - java.security.policy : this is the file where the permissions are
defined. As you can see, I already defined this property. I suppose this
property behaves as it does in a standard Java environment, doesn't it?

 - org.osgi.framework.trust.repositories=<list of keystores> : this seems
optional...

Is there an up-to-date documentation available? Do you need help to keep it
updated?




Re: My Permission is always allowed from Event Dispatching Thread

Posted by Karl Pauls <ka...@gmail.com>.
On Thu, Feb 24, 2011 at 10:38 AM, Elvy <pi...@gmail.com> wrote:
>
>
> Karl Pauls wrote:
>>
>> your problem is that you didn't install the framework.security
>> extension.
>>
>
> By simply installing the "Framework Security" bundle v1.4.1 (see
> http://felix.apache.org/site/downloads.cgi Felix download section ), my
> permission is now correctly denied from EDT thread. So far, so good.
>
> I had a look at the
> https://cwiki.apache.org/confluence/display/FELIX/Apache+Felix+Framework+Security
> documentation page and it hasn't been updated since 10 Jan 2010! There,
> it is stated that 3 properties should be set:
>
>  - org.osgi.framework.security="osgi" : I didn't have to set this property
> for my test to work. Is this really mandatory? What other values exist?

Notice it does say "should" not "must" :-)

If you already have a security manager installed you don't need this property.

>  - java.security.policy : this is the file where the permissions are
> defined. As you can see, I already defined this property. I suppose this
> property behaves as it does in a standard Java environment, doesn't it?

Well, yes and no. The framework should get allpermission and will
handle security from there on -- hence, the document advises to just
grant allpermission. If you want to manage security for your bundles,
have a look at the ConditionalPermissionAdmin service.

>  - org.osgi.framework.trust.repositories=<list of keystores> : this seems
> optional...

It does say so in the document too and yes, it is.

> Is there an up-to-date documentation available? Do you need help to keep it
> updated?

No, there is no up-to-date document at the moment; however, this one is
not that much out of date (it should be updated to note that security
has been released and use the released version of framework.security).
Furthermore, yes, help is always welcome :-)

regards,

Karl

-- 
Karl Pauls
karlpauls@gmail.com

Re: My Permission is always allowed from Event Dispatching Thread

Posted by Karl Pauls <ka...@gmail.com>.
I think your problem is that you didn't install the framework.security
extension. Without it, bundles have allpermission. In your case that
explains the difference in behaviour as in the first case, you still
have the framework protection domain on the stack while in the second
case (the edt one) you only have the protection domain of the bundle
on the stack (which gets allpermission by default as explained above).

regards,

Karl

On Wed, Feb 23, 2011 at 4:39 PM, Elvy <pi...@gmail.com> wrote:
>
> Hello,
>
> I'm having an issue with permission checking.
>
> I noticed that my permission is correctly [allowed | denied] when checked
> outside the AWT EDT thread, whereas it is always allowed when checked within
> the EDT (through invokeLater, invokeAndWait, or even button click
> callbacks).
>
> I've enclosed a fully working FELIX 3.0.8 environment along with sources.
> Just execute the run.bat file and check the output on the console.
>
> One can edit the test.policy file which is in the conf folder to either
> allow or deny the DummyPermission.
>
> Any idea why the permission is always allowed in the EDT?
>
> http://old.nabble.com/file/p30995963/felix3.0.8_permission_EDT_test.zip
> felix3.0.8_permission_EDT_test.zip
>
-- 
Karl Pauls
karlpauls@gmail.com
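
The stack-based check described in the reply above, as an added example that is not part of the original thread or of Felix: a permission check passes only if every protection domain on the call stack implies it, so a bundle domain holding AllPermission is still constrained while the framework's policy-governed domain is on the stack, and unconstrained once it is alone on the EDT. The class names and the empty "managed" bundle domain are assumptions made for illustration, and the code assumes a JDK on which AccessControlContext still evaluates permissions (Java 8 era, as in the thread).

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AllPermission;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;

public class StackDomainDemo {
    // Hypothetical stand-in for the DummyPermission in the original post.
    static final class DummyPermission extends BasicPermission {
        DummyPermission(String name) { super(name); }
    }

    // A protection domain with a fixed (static) permission set and no code source.
    static ProtectionDomain domain(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new ProtectionDomain(null, perms);
    }

    // A check passes only if every domain on the (modelled) stack implies it.
    static boolean allowed(Permission p, ProtectionDomain... stack) {
        try {
            new AccessControlContext(stack).checkPermission(p);
            return true;
        } catch (AccessControlException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        Permission dummy = new DummyPermission("test");
        ProtectionDomain frameworkDenied = domain();        // policy file withholds DummyPermission
        ProtectionDomain frameworkGranted = domain(dummy);  // policy file grants DummyPermission
        ProtectionDomain bundleDefault = domain(new AllPermission()); // no framework.security
        ProtectionDomain bundleManaged = domain();          // assumption: extension installed, no grant

        // Main thread: framework domain and bundle domain are both on the stack.
        System.out.println("main, policy denies: " + allowed(dummy, frameworkDenied, bundleDefault));
        System.out.println("main, policy grants: " + allowed(dummy, frameworkGranted, bundleDefault));
        // EDT: only the bundle's domain is on the stack.
        System.out.println("EDT, no extension:   " + allowed(dummy, bundleDefault));
        System.out.println("EDT, with extension: " + allowed(dummy, bundleManaged));
    }
}
```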