Over the last few days I have committed a bunch of updates to the
repository, activation, and composition package that enable the following:
* Declaration in a kernel configuration of a bunch of permissions
granted by a system to a runtime. The permissions assigned by the
kernel are accessible though the SystemContext (available to all
model implementations). E.g.
SystemContext system = context.getSystemContext();
SecurityModel security = system.getSecurityModel();
Permission[] permissions = security.getPermissions();
* the ability to declare requested permissions on a component using
an @avalon.security.permission tag. These permission are exposed
on a component Type instance. For example:
Type type = componentModel.getType();
SecurityDescriptor security = type.getSecurity();
PermissionDescriptor[] permissions =
security.getPermissions();
The next item on the agenda is to establish a deployment failure when
the available permissions do not encompass the permissions requested by
a component.
Following this we will need to introduce the ability to declare
overriding security profiles via a local system configuration (override
targets). This is partly in place but still needs a little more work to
integrate the solution into the class loader model creation methods.
Also I'm interested in getting in place permission profiles (suggested
by Niclas) so that we can more easily manage different security scenarios.
Cheers, Stephen.
--
|------------------------------------------------|
| Magic by Merlin |
| Production by Avalon |
| |
| http://avalon.apache.org/merlin |
| http://dpml.net/merlin/distributions/latest |
|------------------------------------------------|
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@avalon.apache.org
For additional commands, e-mail: dev-help@avalon.apache.org