You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@felix.apache.org by jamie campbell <ja...@parit.ca> on 2011/02/23 02:42:20 UTC
security/permissions question
I've scoured the felix user archives and came across interesting threads
from July 9, 2010 and Oct 4, 2010 on managing permissions within OSGi.
My needs at the moment are quite simple : What I'm working on is still
in the early stages of development so I want everything to be able to do
everything. Am I correct in assuming that if I don't explicitly load
framework.security, then this is the case? Or, instead, without
framework.security do I end up with a default security model and no
ability to change it. I'm hoping there's a simple way to just Let
Programs Be Free without getting pulled into security complexity just yet...
From testing with Karaf, it seems that FileInstall has configuration
updating permission for other bundles without ever being explicitly
granted it (even though the OSGi spec says it needs it to be able to do
such operations), so I'm hoping that's a big hint that what I'm hoping
is true is actually true :)
-Jamie
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
Re: security/permissions question
Posted by "Richard S. Hall" <he...@ungoverned.org>.
22/2011 08:42 PM, jamie campbell wrote:
> I've scoured the felix user archives and came across interesting
> threads from July 9, 2010 and Oct 4, 2010 on managing permissions
> within OSGi.
>
> My needs at the moment are quite simple : What I'm working on is still
> in the early stages of development so I want everything to be able to
> do everything. Am I correct in assuming that if I don't explicitly
> load framework.security, then this is the case? Or, instead, without
> framework.security do I end up with a default security model and no
> ability to change it. I'm hoping there's a simple way to just Let
> Programs Be Free without getting pulled into security complexity just
> yet...
If you don't install the Framework Security Provider, then any bundle
can do whatever it wants because security is not being enforced.
>
> From testing with Karaf, it seems that FileInstall has configuration
> updating permission for other bundles without ever being explicitly
> granted it (even though the OSGi spec says it needs it to be able to
> do such operations), so I'm hoping that's a big hint that what I'm
> hoping is true is actually true :)
Again, without the security provider installed and security not enabled,
then anyone can do anything. However, even if you install the security
provider and enable security, all bundles have AllPermission until
someone sets an initial security policy. After that, then bundles can
only do whatever they've been granted by the security policy that was
put in place.
-> richard
>
> -Jamie
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org