Java Reference
In-Depth Information
If a bundle that isn't signed by your core certificate tries to register a shape service, the
user is asked to grant or deny that request. Pretty simple, right? This entry only deals
with asking the user to approve shape services from non-core bundles; you still need
to create an entry to grant these bundles the ability to do everything else. In that case,
you need to grant them
AllPermission
except for registering shape services. You can
use a
DENY
access decision, like this:
DENY {
( org.osgi.framework.ServicePermission
"org.foo.shape.SimpleShape" "register" )
} "Deny register"
ALLOW {
( java.security.AllPermission "*" "*" )
} "All other"
All these entries combined form your defined security policy. You may wonder
whether the policy is correct. If you follow the rule ordering in the policy file, it looks
like it will always prompt the user if a bundle isn't signed by the core. But this isn't the
case, because
AskUserCondition
is a postponed condition. That means it's evaluated
only if no other rule with an immediate condition implies the permission. Your secu-
rity policy is evaluated like this:
If a bundle is signed by the core certificate, it immediately matches the first
rule, which allows it to do anything.
1
If a non-core signed bundle performs any secure operation other than register-
ing a shape service, the first rule doesn't apply, the second rule is postponed,
the third rule doesn't apply, and ultimately the fourth rule is matched that
allows the bundle to do anything.
2
If a non-core signed bundle tries to register a shape service, the first rule
doesn't apply, the second rule is postponed, the third rule applies because the
permission is implied, and this rule fails due to the
DENY
access decision. This
causes the framework to evaluate the postponed second rule because it logically
came before the failed entry, which prompts the user and grants the permission
based on the user's reply.
3
As you can see, you only ask the user at the end if all other rules don't provide the
needed permission. The
DENY
access decision of the third rule provides a way to short-
circuit the rule evaluation. To see this security policy in action, go into the chapter14/
combined-example/ directory of the topic's companion code; type
ant
to build it and
the following to run it:
java -Dorg.osgi.framework.security=osgi -Djava.security.policy=all.policy \
-Dfelix.keystore=file:certificates.ks -Dfelix.keystore.pass=foobar \
-Dfelix.keystore.type=jks -jar launcher.jar bundles
This starts your shell in a security-enabled framework running your security policy.
You first need to install the bundles of the paint program:
