You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by JAEBOO JUNG <it...@samsung.com> on 2012/08/30 02:27:24 UTC
OSGi Bundle Permissions on Geronimo
I am about to make a enterprise cloud OSGi web-service by using Apache
Geronimo V3.0.
The final goal is to make custom BundleManager(maybe it is a bundle too)
that can do simple bundle action like install/uninstall/start/stop the other
bundles from any users.
Each bundle is WAB(web application bundle) and will be added in some
Application Bundle.
But I encounter some critical problems which can cause security issues.
1. Although only BundleManager I want to make can manage the bundle's
lifecycle by using BundleContext , but any bundles made by some users can
use BundleContext in Activator or any servlet in their bundles. So, for
example, Bundle A(from user1) can get Bundle B(from user2) from
BundleContext and Bundle A can stop or uninstall Bundle B with no permission
though Bundle A is not BundleManager..
2. I used to run java security manager and manipulate its(Bundle A)
permission. but it didn't properly work. Besides I can access Geronimo Web
Admin console with no login process . I think that allpermission in the
policy file cause this situation.
How can I achieve my goal. I heard that Composite bundle can isolate
bundles, but Geronimo didn't support Composite Bundle(CBA). I really wait
and appreciate all ideas. Thanks for all your help in advance :)
Re: OSGi Bundle Permissions on Geronimo
Posted by JB Jung <ka...@naver.com>.
I greatly appreciate your advice.
I've been working very hard to find the solution of that.
As you metioned in reply, OSGi v4.3 core spec introduced some Hook services
like EventHook in the package of org.osgi.framework.hooks.bundle and
EventHook which work as service listener in the package of ...hooks.service.
I thought that I could handle it before some kinds of events such as Bundle
Install/Stop whatever delivered to OSGi framework by BundleHost class.
But, in case of bundle event hook, If I removed any BundleContexts from
collection, I could prevent the event from being delivered to the only
associated bundles, not original bundle. And it is asynchronous, so tricky.
I've looked ConditionalPermissionAdmin before. And I want to try it. But If
i add only -Djava.security.manager argument in the VM option, Geronimo
didn't start.
thanks
JB
--
View this message in context: http://apache-geronimo.328035.n3.nabble.com/OSGi-Bundle-Permissions-on-Geronimo-tp3985671p3985689.html
Sent from the Users mailing list archive at Nabble.com.
Re: OSGi Bundle Permissions on Geronimo
Posted by David Jencks <da...@yahoo.com>.
I don't think bundle hooks are a suitable approach to this problem. However, if you want to pursue it further, look into the equinox regions bundle and, I'd suggest, the aries subsystem implementation. Using bundle hooks directly is very tricky.
Have you looked at osgi conditional permission admin? That looks like a much better fit to your problem.
thanks
david jencks
On Sep 2, 2012, at 11:12 PM, Ivan wrote:
> I am not sure whether OSGi security could help on this. But with the Bundle Hook Service API introduced in v4.3, it is possible to limit/filter the result of those methods, like getBundles(), and etc.
>
> There are also other new APIs, which could be used to filter the services and other things. You may refer to the OSGi v4.3 core spec.
>
> 2012/8/30 JAEBOO JUNG <it...@samsung.com>
> I am about to make a enterprise cloud OSGi web-service by using Apache Geronimo V3.0.
>
> The final goal is to make custom BundleManager(maybe it is a bundle too) that can do simple bundle action like install/uninstall/start/stop the other bundles from any users.
>
> Each bundle is WAB(web application bundle) and will be added in some Application Bundle.
>
> But I encounter some critical problems which can cause security issues.
>
>
>
> 1. Although only BundleManager I want to make can manage the bundle's lifecycle by using BundleContext , but any bundles made by some users can use BundleContext in Activator or any servlet in their bundles. So, for example, Bundle A(from user1) can get Bundle B(from user2) from BundleContext and Bundle A can stop or uninstall Bundle B with no permission though Bundle A is not BundleManager..
>
>
>
> 2. I used to run java security manager and manipulate its(Bundle A) permission. but it didn't properly work. Besides I can access Geronimo Web Admin console with no login process . I think that allpermission in the policy file cause this situation.
>
>
>
> How can I achieve my goal. I heard that Composite bundle can isolate bundles, but Geronimo didn't support Composite Bundle(CBA). I really wait and appreciate all ideas. Thanks for all your help in advance :)
>
>
>
>
> --
> Ivan
Re: OSGi Bundle Permissions on Geronimo
Posted by Ivan <xh...@gmail.com>.
I am not sure whether OSGi security could help on this. But with the
Bundle Hook Service API introduced in v4.3, it is possible to limit/filter
the result of those methods, like getBundles(), and etc.
There are also other new APIs, which could be used to filter the services
and other things. You may refer to the OSGi v4.3 core spec.
2012/8/30 JAEBOO JUNG <it...@samsung.com>
> I am about to make a enterprise cloud OSGi web-service by using Apache
> Geronimo V3.0.****
>
> The final goal is to make custom BundleManager(maybe it is a bundle too)
> that can do simple bundle action like install/uninstall/start/stop the
> other bundles from any users.****
>
> Each bundle is WAB(web application bundle) and will be added in some
> Application Bundle.****
>
> But I encounter some critical problems which can cause security issues.***
> *
>
> ** **
>
> 1. Although only BundleManager I want to make can manage the bundle's
> lifecycle by using BundleContext , but any bundles made by some users can
> use BundleContext in Activator or any servlet in their bundles. So, for
> example, Bundle A(from user1) can get Bundle B(from user2) from
> BundleContext and Bundle A can stop or uninstall Bundle B with no
> permission though Bundle A is not BundleManager..****
>
> ** **
>
> 2. I used to run java security manager and manipulate its(Bundle A)
> permission. but it didn't properly work. Besides I can access Geronimo Web
> Admin console with no login process . I think that allpermission in the
> policy file cause this situation.****
>
> ** **
>
> How can I achieve my goal. I heard that Composite bundle can isolate
> bundles, but Geronimo didn't support Composite Bundle(CBA). I really wait
> and appreciate all ideas. Thanks for all your help in advance :)****
>
--
Ivan