security/permissions question

[jamie campbell <ja...@parit.ca>]

I've scoured the felix user archives and came across interesting threads 
from July 9, 2010 and Oct 4, 2010 on managing permissions within OSGi.

My needs at the moment are quite simple : What I'm working on is still 
in the early stages of development so I want everything to be able to do 
everything.  Am I correct in assuming that if I don't explicitly load 
framework.security, then this is the case?  Or, instead, without 
framework.security do I end up with a default security model and no 
ability to change it.  I'm hoping there's a simple way to just Let 
Programs Be Free without getting pulled into security complexity just yet...

 From testing with Karaf, it seems that FileInstall has configuration 
updating permission for other bundles without ever being explicitly 
granted it (even though the OSGi spec says it needs it to be able to do 
such operations), so I'm hoping that's a big hint that what I'm hoping 
is true is actually true :)

-Jamie

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org

Re: security/permissions question

["Richard S. Hall" <he...@ungoverned.org>]

22/2011 08:42 PM, jamie campbell wrote:
> I've scoured the felix user archives and came across interesting 
> threads from July 9, 2010 and Oct 4, 2010 on managing permissions 
> within OSGi.
>
> My needs at the moment are quite simple : What I'm working on is still 
> in the early stages of development so I want everything to be able to 
> do everything.  Am I correct in assuming that if I don't explicitly 
> load framework.security, then this is the case?  Or, instead, without 
> framework.security do I end up with a default security model and no 
> ability to change it.  I'm hoping there's a simple way to just Let 
> Programs Be Free without getting pulled into security complexity just 
> yet...

If you don't install the Framework Security Provider, then any bundle 
can do whatever it wants because security is not being enforced.

>
> From testing with Karaf, it seems that FileInstall has configuration 
> updating permission for other bundles without ever being explicitly 
> granted it (even though the OSGi spec says it needs it to be able to 
> do such operations), so I'm hoping that's a big hint that what I'm 
> hoping is true is actually true :)

Again, without the security provider installed and security not enabled, 
then anyone can do anything. However, even if you install the security 
provider and enable security, all bundles have AllPermission until 
someone sets an initial security policy. After that, then bundles can 
only do whatever they've been granted by the security policy that was 
put in place.

-> richard

>
> -Jamie
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org