You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@felix.apache.org by li...@io7m.com on 2016/09/04 10:57:31 UTC

Consequences of a custom security manager?

Hello.

When the org.osgi.framework.security property is set to "osgi",
Felix will install the standard SecurityManager. If a security manager
is already installed and this property is set, Felix will throw an
exception on startup.

The standard J2SE security manager has historically been missing a
couple of extra checks that can control the creation of threads. An
updated security manager that adds in these missing checks is trivial:

public final class ExtraSecurityManager extends SecurityManager
{
  ExtraSecurityManager()
  {

  }

  @Override public void checkAccess(
    final @Nullable Thread t)
  {
    this.checkPermission(new RuntimePermission("modifyThread"));
  }

  @Override public void checkAccess(
    final @Nullable ThreadGroup g)
  {
    this.checkPermission(new RuntimePermission("modifyThreadGroup"));
  }
}

With the above, code needs the given RuntimePermission values to
create or stop threads.

However... If an application installs an instance of
ExtraSecurityManager before starting Felix, an exception will be thrown
as mentioned above. This can be worked around by simply _not_ setting
the org.osgi.framework.security property. Are there any other
consequences for not setting this property? Is there a better way to
tell Felix that we want a custom security manager?

M