[Figure 14.2 Conditional Permission Admin Service overview. Diagram labels: ConditionalPermissionAdmin, ConditionalPermissionInfo, ConditionInfo (encodes Condition), PermissionInfo (encodes java.security.Permission).]
With this service, you can grant permissions to bundles. To achieve this, you use the service to maintain a persistent set of ConditionalPermissionInfo objects, which as a whole embody your current security policy. A ConditionalPermissionInfo object is a tuple containing a set of ConditionInfo objects and a set of PermissionInfo objects. Figure 14.2 depicts these relationships.
The set of ConditionInfo objects encodes the conditions that must be true for the permissions to apply, and the set of PermissionInfo objects encodes the permissions to be granted. You may wonder why you need ConditionInfo and PermissionInfo objects to encode the conditions and permissions, respectively, rather than directly creating instances of conditions and permissions. This is because the bundle assigning permissions may not have access to the associated classes, because you're in a modular environment. Both of these info objects encode a target class name and its constructor arguments.
More specifically, a ConditionInfo encodes two arguments: the class name of the condition and an array of String objects for any constructor arguments for the condition class. The PermissionInfo object, on the other hand, encodes three arguments: the class name of the permission and the standard name and actions arguments of the permission class constructor. As a simple example, you can construct a PermissionInfo object like this:
new PermissionInfo(
AdminPermission.class.getName(), "(id>10)", AdminPermission.EXECUTE);
This encodes the AdminPermission with the name of (id>10) and actions of execute, which grants the right to start and stop bundles with a bundle identifier greater than 10.
To see a ConditionInfo example, you'll need a concrete condition to play with, so we'll introduce one next. After that, we can get down to brass tacks and show you the steps involved in using ConditionalPermissionAdmin.
14.4.3 Bundle location condition
We've talked abstractly about conditions, but we haven't yet discussed any concrete condition types. The OSGi specification defines two: BundleLocationCondition and BundleSignerCondition. Intuitively, you can probably guess that these conditions correspond to the two types of conditions that exist in standard Java policy files. You'll learn about the former right now and the latter when we discuss bundle signing a little later.
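The tuple described above, assembled and committed through the service, as an added example that is not code from the book. It assumes an OSGi framework with security enabled; the helper name, the location pattern "file:bundles/*" and the entry name are constructed for illustration.

```java
import java.util.List;
import org.osgi.framework.AdminPermission;
import org.osgi.service.condpermadmin.BundleLocationCondition;
import org.osgi.service.condpermadmin.ConditionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;
import org.osgi.service.permissionadmin.PermissionInfo;

public final class PolicyExample {
    // Hypothetical helper: cpa is the ConditionalPermissionAdmin service
    // that the caller has obtained from the service registry.
    static boolean grantExecuteToLocalBundles(ConditionalPermissionAdmin cpa) {
        // Condition: class name plus String[] constructor arguments.
        // "file:bundles/*" is a constructed location pattern.
        ConditionInfo condition = new ConditionInfo(
            BundleLocationCondition.class.getName(),
            new String[] { "file:bundles/*" });

        // Permission: class name, name, actions (the example from the text).
        PermissionInfo permission = new PermissionInfo(
            AdminPermission.class.getName(), "(id>10)", AdminPermission.EXECUTE);

        // Info objects are plain data: the encoded string form can be stored
        // or audited, and parsed back without loading the target class.
        PermissionInfo decoded = new PermissionInfo(permission.getEncoded());
        if (!decoded.equals(permission)) {
            throw new IllegalStateException("encoding round trip failed");
        }

        // The tuple: a set of conditions and a set of permissions.
        ConditionalPermissionInfo entry = cpa.newConditionalPermissionInfo(
            "local-bundles-execute",            // constructed entry name
            new ConditionInfo[] { condition },
            new PermissionInfo[] { permission },
            ConditionalPermissionInfo.ALLOW);

        // Edit a copy of the persistent policy table, then commit it.
        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
        table.add(entry);
        return update.commit(); // false if the table was changed concurrently
    }
}
```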