You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@aries.apache.org by "Lin Sun (JIRA)" <ji...@apache.org> on 2010/11/18 20:32:13 UTC

[jira] Created: (ARIES-497) Subsystem-scope: some prototype work for java security

Subsystem-scope: some prototype work for java security
------------------------------------------------------

                 Key: ARIES-497
                 URL: https://issues.apache.org/jira/browse/ARIES-497
             Project: Aries
          Issue Type: Improvement
          Components: Subsystem
            Reporter: Lin Sun
            Assignee: Lin Sun
            Priority: Minor


I have done some prototype work for for subsystem with java security.  The idea is when security manager is turned on, we want to allow the subsystem to have some sort of default permissions (default allows and denys).

I haven't really gotten the piece of work working but I thought I should check what I have.   Here is what it is able to do:
1. added default allows and denys for scope when each of the scope is created.  If the scope provides its own permission file, this file needs to be read. (TBD).
2. added itests for these.  Unfortunately itests are not passing yet, but I was able to turn on security w/ equinox and run through the itests.  The itests currently failed when scopeUpdateImpl is trying to register the scopeadmin service in the service registry but didn't have permission to do so.   It seems I am not configuring the permission correctly for the subsystem.scope.impl bundle.   I thought I should check in what I have for now.   The tests of course pass when security is off.

  <error message="access denied (org.osgi.framework.ServicePermission org.apache.aries.subsystem.scope.ScopeAdmin register)" type="java.security.AccessControlException">java.security.AccessControlException: access denied (org.osgi.framework.ServicePermission org.apache.aries.subsystem.scope.ScopeAdmin register)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
        at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88)
        at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.checkRegisterServicePermission(ServiceRegistry.java:1021)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:200)
        at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:429)
        at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:447)
        at org.apache.aries.subsystem.scope.impl.ScopeUpdateImpl.commit(ScopeUpdateImpl.java:164)


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.