You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@felix.apache.org by Benson Margulies <be...@basistech.com> on 2016/09/21 20:48:13 UTC
Felix container and Java SecurityManager -- does the container always
implement security
I'd like to run a Felix container as if it was just some ordinary
piece of an application inside of a security manager; I don't want any
security manager checks or behaviors from the container. Can I do
this, or does the container always interact with the SecurityManager
if there is one?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
Re: Felix container and Java SecurityManager -- does the container
always implement security
Posted by Benson Margulies <be...@basistech.com>.
Thanks, that does answer my question.
On Wed, Sep 21, 2016 at 5:17 PM, Karl Pauls <ka...@gmail.com> wrote:
> I guess I'm not 100% sure I understand what you are asking exactly. Let me
> first try to explain what the different options are and then try to answer
> what I think you are asking.
>
> If there is a security manager installed the framework will do permission
> checks where the spec mandates it. However, assuming you didn't install the
> framework.security provider, all bundles will have AllPermission by default
> -- except, if you have set felix.security.defaultpolicy=true. In that
> case, your security policy will be consulted for bundles as well.
>
> Hence, if you want behavior just as some ordinary library in an application
> with a security manager you probably want to _not_ install the
> framework.security provider and set felix.security.defaultpolicy=true
> (either as a -D property or as one passed to the felix constructor). That
> in turn will make it so that you _do_ get permission checks triggered from
> Felix as well as potentially from bundles which you can grant (or deny by
> omission, respectively) via your security policy.
>
> Otherwise, if you just don't want failing permission checks then, don't
> install the framework.security provider and _don't_ set
> felix.security.defaultpolicy.
> That will make it so that you _do_ get permission checks triggered from
> Felix as well as potentially from bundles but at least bundles will have
> AllPermission by default (hence, all you need to do in your policy is to
> give felix.jar and your external code that calls into Felix permissions).
>
> If, on the other hand, you don't want _any_ permission checks triggered by
> felix despite a security manage being around the answer is: no - thats not
> possible.
>
> regards,
>
> Karl
>
> On Wed, Sep 21, 2016 at 10:48 PM, Benson Margulies <be...@basistech.com>
> wrote:
>
>> I'd like to run a Felix container as if it was just some ordinary
>> piece of an application inside of a security manager; I don't want any
>> security manager checks or behaviors from the container. Can I do
>> this, or does the container always interact with the SecurityManager
>> if there is one?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
>> For additional commands, e-mail: users-help@felix.apache.org
>>
>>
>
>
> --
> Karl Pauls
> karlpauls@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org
Re: Felix container and Java SecurityManager -- does the container
always implement security
Posted by Karl Pauls <ka...@gmail.com>.
I guess I'm not 100% sure I understand what you are asking exactly. Let me
first try to explain what the different options are and then try to answer
what I think you are asking.
If there is a security manager installed the framework will do permission
checks where the spec mandates it. However, assuming you didn't install the
framework.security provider, all bundles will have AllPermission by default
-- except, if you have set felix.security.defaultpolicy=true. In that
case, your security policy will be consulted for bundles as well.
Hence, if you want behavior just as some ordinary library in an application
with a security manager you probably want to _not_ install the
framework.security provider and set felix.security.defaultpolicy=true
(either as a -D property or as one passed to the felix constructor). That
in turn will make it so that you _do_ get permission checks triggered from
Felix as well as potentially from bundles which you can grant (or deny by
omission, respectively) via your security policy.
Otherwise, if you just don't want failing permission checks then, don't
install the framework.security provider and _don't_ set
felix.security.defaultpolicy.
That will make it so that you _do_ get permission checks triggered from
Felix as well as potentially from bundles but at least bundles will have
AllPermission by default (hence, all you need to do in your policy is to
give felix.jar and your external code that calls into Felix permissions).
If, on the other hand, you don't want _any_ permission checks triggered by
felix despite a security manage being around the answer is: no - thats not
possible.
regards,
Karl
On Wed, Sep 21, 2016 at 10:48 PM, Benson Margulies <be...@basistech.com>
wrote:
> I'd like to run a Felix container as if it was just some ordinary
> piece of an application inside of a security manager; I don't want any
> security manager checks or behaviors from the container. Can I do
> this, or does the container always interact with the SecurityManager
> if there is one?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>
>
--
Karl Pauls
karlpauls@gmail.com