aries-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Ross (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (ARIES-497) Subsystem-scope: some prototype work for java security
Date Thu, 13 Sep 2012 11:46:07 GMT

     [ https://issues.apache.org/jira/browse/ARIES-497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

John Ross closed ARIES-497.
---------------------------

    Resolution: Not A Problem

Closing as no longer relevant. Security requirements have been defined by the subsystems specification
and implemented.
                
> Subsystem-scope: some prototype work for java security
> ------------------------------------------------------
>
>                 Key: ARIES-497
>                 URL: https://issues.apache.org/jira/browse/ARIES-497
>             Project: Aries
>          Issue Type: Improvement
>          Components: Subsystem
>            Reporter: Lin Sun
>            Assignee: Lin Sun
>            Priority: Minor
>
> I have done some prototype work for for subsystem with java security.  The idea is when
security manager is turned on, we want to allow the subsystem to have some sort of default
permissions (default allows and denys).
> I haven't really gotten the piece of work working but I thought I should check what I
have.   Here is what it is able to do:
> 1. added default allows and denys for scope when each of the scope is created.  If the
scope provides its own permission file, this file needs to be read. (TBD).
> 2. added itests for these.  Unfortunately itests are not passing yet, but I was able
to turn on security w/ equinox and run through the itests.  The itests currently failed when
scopeUpdateImpl is trying to register the scopeadmin service in the service registry but didn't
have permission to do so.   It seems I am not configuring the permission correctly for the
subsystem.scope.impl bundle.   I thought I should check in what I have for now.   The tests
of course pass when security is off.
>   <error message="access denied (org.osgi.framework.ServicePermission org.apache.aries.subsystem.scope.ScopeAdmin
register)" type="java.security.AccessControlException">java.security.AccessControlException:
access denied (org.osgi.framework.ServicePermission org.apache.aries.subsystem.scope.ScopeAdmin
register)
>         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>         at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
>         at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88)
>         at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:186)
>         at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.checkRegisterServicePermission(ServiceRegistry.java:1021)
>         at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:200)
>         at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:429)
>         at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:447)
>         at org.apache.aries.subsystem.scope.impl.ScopeUpdateImpl.commit(ScopeUpdateImpl.java:164)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message