You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@aries.apache.org by "Lin Sun (JIRA)" <ji...@apache.org> on 2010/11/18 20:32:13 UTC
[jira] Created: (ARIES-497) Subsystem-scope: some prototype work
for java security
Subsystem-scope: some prototype work for java security
------------------------------------------------------
Key: ARIES-497
URL: https://issues.apache.org/jira/browse/ARIES-497
Project: Aries
Issue Type: Improvement
Components: Subsystem
Reporter: Lin Sun
Assignee: Lin Sun
Priority: Minor
I have done some prototype work for for subsystem with java security. The idea is when security manager is turned on, we want to allow the subsystem to have some sort of default permissions (default allows and denys).
I haven't really gotten the piece of work working but I thought I should check what I have. Here is what it is able to do:
1. added default allows and denys for scope when each of the scope is created. If the scope provides its own permission file, this file needs to be read. (TBD).
2. added itests for these. Unfortunately itests are not passing yet, but I was able to turn on security w/ equinox and run through the itests. The itests currently failed when scopeUpdateImpl is trying to register the scopeadmin service in the service registry but didn't have permission to do so. It seems I am not configuring the permission correctly for the subsystem.scope.impl bundle. I thought I should check in what I have for now. The tests of course pass when security is off.
<error message="access denied (org.osgi.framework.ServicePermission org.apache.aries.subsystem.scope.ScopeAdmin register)" type="java.security.AccessControlException">java.security.AccessControlException: access denied (org.osgi.framework.ServicePermission org.apache.aries.subsystem.scope.ScopeAdmin register)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88)
at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.checkRegisterServicePermission(ServiceRegistry.java:1021)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:200)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:429)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:447)
at org.apache.aries.subsystem.scope.impl.ScopeUpdateImpl.commit(ScopeUpdateImpl.java:164)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.