You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@felix.apache.org by Ching-Yi Chan <ch...@gmail.com> on 2008/09/17 09:55:04 UTC

Implement the BundleSecurityManager to prevent container shudown from bundle calling System.exit

Hello everybody,

I have tried to implement a BundleSecurityManager which can disable the
System.exit() method call.

[code]

*public* *class* BundleSecurityManager *extends* SecurityManager {

  *public* *void* checkPermission(Permission perm, Object context) {

    *if* (perm == *null* || perm.getName() == *null*) {
      *throw* *new* NullPointerException();
    }

    *if* (perm.getName().startsWith("exitVM")) {
      *throw* *new* SecurityException();
    }
  }

  *public* *void* checkPermission(Permission perm) {

    *if* (perm == *null* || perm.getName() == *null*) {
      *throw* *new* NullPointerException();
    }

    *if* (perm.getName().startsWith("exitVM")) {
      *throw* *new* SecurityException();
    }
  }
}
[/code]

And I use it in my service boot bundle :

[code]

*public* *class* BootService {

  SecurityManager defaultSecurtiyManager = *null*;

  *public* *void* start() *throws* Exception {
    defaultSecurtiyManager = System.getSecurityManager();

    *if* (System.getSecurityManager() == *null*) {
      System.setSecurityManager(*new* BundleSecurityManager());
    }
   }

  *public* *void* stop() *throws* Exception {
    System.setSecurityManager(defaultSecurtiyManager);
  }

}[/code]

finally, we also need a security policy file
[code]

grant
{
  permission java.security.AllPermission;
}


[/code]


we can start felix :

java -Djava.security.policy=bundle.policy -jar bin\felix.jar

I don't know other way to do this, any suggestions is appreciated.

Re: Implement the BundleSecurityManager to prevent container shudown from bundle calling System.exit

Posted by Ching-Yi Chan <ch...@gmail.com>.

Hello Karl,

I post that codes to show one kind of the metods to disable System.exit()
method called in the bundle.
My problem is that old projects will port to osgi container and some classes
may call System.exit() but this action will cause osgi container shutdown
soon.

my friend give me a clue about the SecurityManager to solve it. I have done
the work and share my solution to other users. I hope it will help anyone
and want to get some feedbacks to do it better.

2008/9/18 Karl Pauls <ka...@gmail.com>

>
>
> Am 17.09.2008 um 09:55 schrieb "Ching-Yi Chan" <ch...@gmail.com>:
>
>  Hello everybody,
>>
>> I have tried to implement a BundleSecurityManager which can disable the
>> System.exit() method call.
>>
>
> I guess I don't really understand your question... Does it work like this
> for you and you want to know whether this is a good approach?
>
> regards,
>
> Karl
>
>
>
>> [code]
>>
>> *public* *class* BundleSecurityManager *extends* SecurityManager {
>>
>>  *public* *void* checkPermission(Permission perm, Object context) {
>>
>>   *if* (perm == *null* || perm.getName() == *null*) {
>>     *throw* *new* NullPointerException();
>>   }
>>
>>   *if* (perm.getName().startsWith("exitVM")) {
>>     *throw* *new* SecurityException();
>>   }
>>  }
>>
>>  *public* *void* checkPermission(Permission perm) {
>>
>>   *if* (perm == *null* || perm.getName() == *null*) {
>>     *throw* *new* NullPointerException();
>>   }
>>
>>   *if* (perm.getName().startsWith("exitVM")) {
>>     *throw* *new* SecurityException();
>>   }
>>  }
>> }
>> [/code]
>>
>> And I use it in my service boot bundle :
>>
>> [code]
>>
>> *public* *class* BootService {
>>
>>  SecurityManager defaultSecurtiyManager = *null*;
>>
>>  *public* *void* start() *throws* Exception {
>>   defaultSecurtiyManager = System.getSecurityManager();
>>
>>   *if* (System.getSecurityManager() == *null*) {
>>     System.setSecurityManager(*new* BundleSecurityManager());
>>   }
>>  }
>>
>>  *public* *void* stop() *throws* Exception {
>>   System.setSecurityManager(defaultSecurtiyManager);
>>  }
>>
>> }[/code]
>>
>> finally, we also need a security policy file
>> [code]
>>
>> grant
>> {
>>  permission java.security.AllPermission;
>> }
>>
>>
>> [/code]
>>
>>
>> we can start felix :
>>
>> java -Djava.security.policy=bundle.policy -jar bin\felix.jar
>>
>> I don't know other way to do this, any suggestions is appreciated.
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
> For additional commands, e-mail: users-help@felix.apache.org
>
>

Re: Implement the BundleSecurityManager to prevent container shudown from bundle calling System.exit

Posted by Karl Pauls <ka...@gmail.com>.


Am 17.09.2008 um 09:55 schrieb "Ching-Yi Chan"  
<ch...@gmail.com>:

> Hello everybody,
>
> I have tried to implement a BundleSecurityManager which can disable  
> the
> System.exit() method call.

I guess I don't really understand your question... Does it work like  
this for you and you want to know whether this is a good approach?

regards,

Karl

>
> [code]
>
> *public* *class* BundleSecurityManager *extends* SecurityManager {
>
>  *public* *void* checkPermission(Permission perm, Object context) {
>
>    *if* (perm == *null* || perm.getName() == *null*) {
>      *throw* *new* NullPointerException();
>    }
>
>    *if* (perm.getName().startsWith("exitVM")) {
>      *throw* *new* SecurityException();
>    }
>  }
>
>  *public* *void* checkPermission(Permission perm) {
>
>    *if* (perm == *null* || perm.getName() == *null*) {
>      *throw* *new* NullPointerException();
>    }
>
>    *if* (perm.getName().startsWith("exitVM")) {
>      *throw* *new* SecurityException();
>    }
>  }
> }
> [/code]
>
> And I use it in my service boot bundle :
>
> [code]
>
> *public* *class* BootService {
>
>  SecurityManager defaultSecurtiyManager = *null*;
>
>  *public* *void* start() *throws* Exception {
>    defaultSecurtiyManager = System.getSecurityManager();
>
>    *if* (System.getSecurityManager() == *null*) {
>      System.setSecurityManager(*new* BundleSecurityManager());
>    }
>   }
>
>  *public* *void* stop() *throws* Exception {
>    System.setSecurityManager(defaultSecurtiyManager);
>  }
>
> }[/code]
>
> finally, we also need a security policy file
> [code]
>
> grant
> {
>  permission java.security.AllPermission;
> }
>
>
> [/code]
>
>
> we can start felix :
>
> java -Djava.security.policy=bundle.policy -jar bin\felix.jar
>
> I don't know other way to do this, any suggestions is appreciated.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org