Java Reference
In-Depth Information
write your changes. For example, the following code snippet shows how a bundle can
give itself
AllPermission
(steps 1 and 2 from earlier).
Listing 14.2 Using the
ConditionalPermissionUpdate
to set permissions
ConditionalPermissionAdmin cpa = getConditionalPermissionAdmin();
ConditionalPermissionUpdate u = cpa.newConditionalPermissionUpdate();
List infos = u.getConditionalPermissionInfos();
infos.clear();
infos.add(
cpa.newConditionalPermissionInfo(
"management agent all permission",
new ConditionInfo[] {
new ConditionInfo(
BundleLocationCondition.class.getName(),
new String[] { context.getBundle().getLocation() })
},
new PermissionInfo[] {
new PermissionInfo(
AllPermission.class.getName(), "", "")
}
},
ConditionalPermissionInfo.ALLOW));
u.commit();
Going step by step through the code, you begin by using a utility method to retrieve
the
ConditionalPermissionAdmin
service, and then you use the service to get a
ConditionalPermissionUpdate
object. From the update object, you get a list of
ConditionalPermissionInfo
objects representing the current security policy (which
is an empty list initially). Although it may not technically be necessary, you clear the list
to make sure there aren't any other random permissions in your security policy. Then
you add a new
ConditionalPermissionInfo
object, which you construct using the
newConditionalPermissionInfo()
method of the
ConditionalPermissionAdmin
ser-
vice. This method takes four arguments: the name associated with the
Conditional-
PermissionInfo
, an array of
ConditionalInfo
objects, an array of
PermissionInfo
objects, and an access-decision flag.
What does this particular permission entry do? The name you set is a unique key to
identify the entry and has no inherent meaning; if you specify
null
for the name, a
unique name will be generated for you. The single
ConditionInfo
and
Permission-
Info
objects in their respective arrays match your bundle and grant it
AllPermission
.
We'll expand on the last argument, the access-decision flag, in the next section.
The last step after adding the
ConditionalPermissionInfo
object is to commit it,
which you do using the update object. Assuming this completes successfully, you've
successfully modified the security policy. To set permissions for other bundles, you fol-
low a similar set of steps: get an update object, add or remove any desired permissions,
and then call
commit()
. Pretty simple. Just make sure you don't delete the entry giving
your own bundle
AllPermission
!
Now let's look into what the access-decision flag means.
