Posted to users@felix.apache.org by bokie <jm...@gmail.com> on 2012/07/27 03:52:27 UTC

framework security

Hi,

I am currently busy with a project and for this one I decided to implement
security. It's been going relatively well except for a strange issue I'm
having - I'll try my best to explain it:

I have four bundles; 
 - Bundle A is "API A"
 - Bundle B is the "API A PROVIDER" 
 - Bundle C is "API C" and "API C PROVIDER" and a "API A CONSUMER"  
 - Bundle D is a "API C CONSUMER"

The following permissions have been defined for each bundle
 - Bundle A
   PackagePermission "a" "exportonly"

 - Bundle B
   PackagePermission "a" "import"
   ServicePermission  "a.S1" "register"

 - Bundle C
   PackagePermission "a" "import"
   PackagePermission "c" "exportonly"
   ServicePermission  "a.S1" "get"
   ServicePermission  "c.S2" "register"

 - Bundle D
   PackagePermission "c" "import"
   ServicePermission  "c.S2" "get"

Now for the strange part - unless I give Bundle D the ServicePermission
"get" for a.S1 I can't get things to work, and NO Bundle D makes absolutely
no reference to Bundle A; Bundle D is a consumer of Bundle C which in turn
is a consumer of Bundle A through Bundle B's implementation.

In other words, to get things to work I have to change this:
 - Bundle D
   PackagePermission "c" "import"
   ServicePermission  "c.S2" "get"
to this:
 - Bundle D
   PackagePermission "c" "import"
   ServicePermission  "c.S2" "get"
   ServicePermission  "a.S1" "get"


Am I missing something here - cause this doesn't seem right and makes no
sense?


Thanks
Bokie








--
View this message in context: http://apache-felix.18485.n6.nabble.com/framework-security-tp4998719.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org


Re: framework security

Posted by "Richard S. Hall" <he...@ungoverned.org>.
On 7/27/12 08:20 , bokie wrote:
> Got it to work!!!!
>
> A part in my code is "getting" services based on a specific filter and this
> part was not running in a doPrivileged() block - no exceptions were being
> thrown.

The framework won't always throw security exceptions. Sometimes it just 
fails silently so it doesn't leak information to the caller.

-> richard

>
> Still on the subject of the DM - all my bundles that use it require the
> following permissions:
>    (java.util.PropertyPermission "*" "read")
>    (java.lang.RuntimePermission "accessDeclaredMembers" "")
>    (java.lang.reflect.ReflectPermission "suppressAccessChecks" "")
>
> Is this normal?
> At the moment I'm guessing that this is because my activator extends
> DependencyActivatorBase which requires these permissions.
>
> Thanks
> Bokie


Re: framework security

Posted by bokie <jm...@gmail.com>.
Thanks Richard,

I'll try to open a bug report in JIRA.

Bokie





Re: framework security

Posted by "Richard S. Hall" <he...@ungoverned.org>.
On 7/27/12 08:34 , Karl Pauls wrote:
> Yeah, the problem is that the dependencymanager isn't doing doPriv's
> either so you're kinda stuck there. Obviously, giving bundles this kind
> of permissions kinda ruins everything (as they could use reflection).
>
> Either you need to stop using dependencymanager or convince Marcel to
> start using doPriv's where necessary (I'm sure patches are welcome :-)

A good first step would be to open a bug report in JIRA for it...

-> richard

>
> regards,
>
> Karl
>
> On Fri, Jul 27, 2012 at 2:20 PM, bokie <jm...@gmail.com> wrote:
>> Got it to work!!!!
>>
>> A part in my code is "getting" services based on a specific filter and this
>> part was not running in a doPrivileged() block - no exceptions were being
>> thrown.
>>
>> Still on the subject of the DM - all my bundles that use it require the
>> following permissions:
>>    (java.util.PropertyPermission "*" "read")
>>    (java.lang.RuntimePermission "accessDeclaredMembers" "")
>>    (java.lang.reflect.ReflectPermission "suppressAccessChecks" "")
>>
>> Is this normal?
>> At the moment I'm guessing that this is because my activator extends
>> DependencyActivatorBase which requires these permissions.
>>
>> Thanks
>> Bokie


Re: framework security

Posted by Karl Pauls <ka...@gmail.com>.
Yeah, the problem is that the dependencymanager isn't doing doPriv's
either so you're kinda stuck there. Obviously, giving bundles this kind
of permissions kinda ruins everything (as they could use reflection).

Either you need to stop using dependencymanager or convince Marcel to
start using doPriv's where necessary (I'm sure patches are welcome :-)

regards,

Karl

On Fri, Jul 27, 2012 at 2:20 PM, bokie <jm...@gmail.com> wrote:
> Got it to work!!!!
>
> A part in my code is "getting" services based on a specific filter and this
> part was not running in a doPrivileged() block - no exceptions were being
> thrown.
>
> Still on the subject of the DM - all my bundles that use it require the
> following permissions:
>   (java.util.PropertyPermission "*" "read")
>   (java.lang.RuntimePermission "accessDeclaredMembers" "")
>   (java.lang.reflect.ReflectPermission "suppressAccessChecks" "")
>
> Is this normal?
> At the moment I'm guessing that this is because my activator extends
> DependencyActivatorBase which requires these permissions.
>
> Thanks
> Bokie



-- 
Karl Pauls
karlpauls@gmail.com
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls



Re: framework security

Posted by bokie <jm...@gmail.com>.
Got it to work!!!!

A part in my code is "getting" services based on a specific filter and this
part was not running in a doPrivileged() block - no exceptions were being
thrown.

Still on the subject of the DM - all my bundles that use it require the
following permissions:
  (java.util.PropertyPermission "*" "read")
  (java.lang.RuntimePermission "accessDeclaredMembers" "")
  (java.lang.reflect.ReflectPermission "suppressAccessChecks" "")

Is this normal?
At the moment I'm guessing that this is because my activator extends
DependencyActivatorBase which requires these permissions.

Thanks
Bokie








Re: framework security

Posted by Karl Pauls <ka...@gmail.com>.
Having the dependency manager in the mix makes it hard to guess what
the real path is. Can you please give a bit more information about
what you do and what happens? I'm thinking about the exception you see
and the code where it actually happens.

It is unclear to me how D would end up getting an exception if C is
looking up the service via the dependency manager...

regards,

Karl

On Fri, Jul 27, 2012 at 1:36 PM, bokie <jm...@gmail.com> wrote:
> Hi Richard,
>
> I have changed all "register" and "get" code in my Activators to run in
> doPrivileged() blocks to no avail - I should also mention that I am using
> felix-dependency manager to perform "register" and "get". Are there any
> special considerations to take into account when using the DM under these
> conditions - I have defined the following permissions for the DM:
>
> allow {
>   [org.osgi.service.condpermadmin.BundleLocationCondition "file:${APP_HOME}/bundles/org.apache.felix.dependencymanager-3.0.0.jar"]
>   (java.security.AllPermission "" "")
> } "felix.dependencymanager-permissions"
>
> My Activator:
>
>     AccessController.doPrivileged(new PrivilegedAction<Void>() {
>       @Override
>       public Void run() {
>         manager.add(createComponent()
>             .setInterface(c.S2.class.getName(), null)
>             .setImplementation(c.S2Impl.instance())
>             .add(createServiceDependency()
>                 .setService(a.S1.class)
>                 .setRequired(true)
>                 .setCallbacks("added", "removed"))
>             );
>         return null;
>       }});



-- 
Karl Pauls
karlpauls@gmail.com
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls



Re: framework security

Posted by bokie <jm...@gmail.com>.
Hi Richard,

I have changed all "register" and "get" code in my Activators to run in
doPrivileged() blocks to no avail - I should also mention that I am using
felix-dependency manager to perform "register" and "get". Are there any
special considerations to take into account when using the DM under these
conditions - I have defined the following permissions for the DM:

allow {
  [org.osgi.service.condpermadmin.BundleLocationCondition "file:${APP_HOME}/bundles/org.apache.felix.dependencymanager-3.0.0.jar"]
  (java.security.AllPermission "" "")
} "felix.dependencymanager-permissions"

My Activator:

    AccessController.doPrivileged(new PrivilegedAction<Void>() {
      @Override
      public Void run() {
        manager.add(createComponent()
            .setInterface(c.S2.class.getName(), null)
            .setImplementation(c.S2Impl.instance())
            .add(createServiceDependency()
                .setService(a.S1.class)
                .setRequired(true)
                .setCallbacks("added", "removed"))
            );
        return null;
      }});







Re: framework security

Posted by "Richard S. Hall" <he...@ungoverned.org>.
On 7/26/12 21:52 , bokie wrote:
> Hi,
>
> I am currently busy with a project and for this one I decided to implement
> security. It's been going relatively well except for a strange issue I'm
> having - I'll try my best to explain it:
>
> I have four bundles;
>   - Bundle A is "API A"
>   - Bundle B is the "API A PROVIDER"
>   - Bundle C is "API C" and "API C PROVIDER" and a "API A CONSUMER"
>   - Bundle D is a "API C CONSUMER"
>
> The following permissions have been defined for each bundle
>   - Bundle A
>     PackagePermission "a" "exportonly"
>
>   - Bundle B
>     PackagePermission "a" "import"
>     ServicePermission  "a.S1" "register"
>
>   - Bundle C
>     PackagePermission "a" "import"
>     PackagePermission "c" "exportonly"
>     ServicePermission  "a.S1" "get"
>     ServicePermission  "c.S2" "register"
>
>   - Bundle D
>     PackagePermission "c" "import"
>     ServicePermission  "c.S2" "get"
>
> Now for the strange part - unless I give Bundle D the ServicePermission
> "get" for a.S1 I can't get things to work, and NO Bundle D makes absolutely
> no reference to Bundle A; Bundle D is a consumer of Bundle C which in turn
> is a consumer of Bundle A through Bundle B's implementation.
>
> In other words, to get things to work I have to change this:
>   - Bundle D
>     PackagePermission "c" "import"
>     ServicePermission  "c.S2" "get"
> to this:
>   - Bundle D
>     PackagePermission "c" "import"
>     ServicePermission  "c.S2" "get"
>     ServicePermission  "a.S1" "get"
>
>
> Am I missing something here - cause this doesn't seem right and makes no
> sense?

Just a guess, but perhaps C isn't doing a doPrivileged() block when it 
attempts to get service a.S1, so it fails because D is on the call 
stack. When trying to provide controlled access to secure resources, you 
must use doPrivileged() blocks to short-circuit the security call stack 
walk, otherwise all code on the call stack is checked for having the 
necessary privileges...

-> richard

>
>
> Thanks
> Bokie

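Added illustration (not part of the original thread, and not Felix or DependencyManager code): the call-stack walk described in the reply above, reduced to plain java.security so it runs without an OSGi framework. ServiceGet is a hypothetical stand-in for OSGi's ServicePermission "get", bundle D is modelled as a ProtectionDomain that holds only c.S2, and the Policy installed in main() is an assumption that grants everything to the demo's own classes, which play bundle C. It needs a JDK whose AccessController still enforces permissions.

```java
import java.security.*;

public class StackWalkDemo {
    // Hypothetical stand-in for OSGi's ServicePermission "<service>" "get".
    static final class ServiceGet extends BasicPermission {
        ServiceGet(String service) { super(service); }
    }

    // Bundle D as in the first post: it may get c.S2 and nothing else.
    static AccessControlContext bundleD() {
        Permissions granted = new Permissions();
        granted.add(new ServiceGet("c.S2"));
        return new AccessControlContext(
            new ProtectionDomain[] { new ProtectionDomain(null, granted) });
    }

    // The check made when a.S1 is looked up: every domain on the stack must pass.
    static String getS1() {
        AccessController.checkPermission(new ServiceGet("a.S1"));
        return "got a.S1";
    }

    // Bundle C looking up a.S1 directly: its caller D is still part of the walk.
    static String lookupPlain() { return getS1(); }

    // Bundle C looking up a.S1 in doPrivileged: the walk stops at C's own domain.
    static String lookupPrivileged() {
        return AccessController.doPrivileged((PrivilegedAction<String>) StackWalkDemo::getS1);
    }

    // Runs C's code with bundle D's domain added to the calling context.
    static String calledFromD(PrivilegedAction<String> codeInC) {
        try {
            return AccessController.doPrivileged(codeInC, bundleD());
        } catch (AccessControlException e) {
            return "denied: " + e.getPermission().getName();
        }
    }

    public static void main(String[] args) {
        // Assumption: the demo's own classes (bundle C's role) are granted everything.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.out.println("plain:      " + calledFromD(StackWalkDemo::lookupPlain));
        System.out.println("privileged: " + calledFromD(StackWalkDemo::lookupPrivileged));
    }
}
```

The plain lookup is denied for a.S1 because D's domain is checked too, while the privileged lookup succeeds without D ever being granted a.S1.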
