Java Reference
In-Depth Information
permission management. We'll look at these services shortly; first, let's examine
OSG
i-
specific permissions defined by the
OSG
i specification.
14.3
OSGi-specific permissions
Certain methods in the
OSG
i framework
API
perform sensitive operations or provide
access to sensitive information. To control which code can access these sensitive meth-
ods, the
OSG
i specification defines a few custom permissions, as you learned about in
the last section. You can group these permissions by the layers of the
OSG
i framework,
as shown in table 14.1.
Table 14.1
Permissions defined by the OSGi specification
Layer
Permission(s)
Module
PackagePermission
—Controls which packages a bundle is allowed to
import and/or export
BundlePermission
—Controls which bundles a bundle is allowed to require
Lifecycle
AdminPermission
—Controls which bundles are allowed to perform sensitive
lifecycle operations
Services
ServicePermission
—Controls which services a bundle is allowed to pub-
lish and/or use
We'll introduce these
OSG
i permissions in the following subsections, and you'll subse-
quently use them when we discuss permission management.
Names and actions
Standard Java permissions typically have constructors that accept two parameters:
a
name
string and an
actions
string. The meaning of these parameters is determined
by the specific permission. For example,
java.io.FilePermission
expects a file
path for
name
and a comma-delimited value that may include
READ
,
WRITE
,
EXECUTE
,
or
DELETE
for actions. The combination of
name
and
actions
allows you to express
everything the permission allows you to control. All of the OSGi-specific permissions
follow this pattern, as you'll see.
14.3.1
PackagePermission
PackagePermission
is a module-layer permission giving you the ability to limit which
packages a bundle can import or export. For example, we discussed how methods can
use
AccessController.doPrivileged()
to allow code with insufficient privileges to
perform sensitive operations. You may not want any arbitrary code using the packages
containing these privileged operations. In that case, you can use
PackagePermission
to limit which bundles can import the packages containing the associated classes.
Likewise, you can use
PackagePermission
to control which bundles can export a
given package, because you may only want trusted bundles providing some packages.