PAXWEB-210

Just the other day I was able to finaly finish my work on PAXWEB-210.
This took me a while, after the upgrade to Jetty7 the configuration of the SecurityRealm through the web.xml descritptor didn’t work anymore. 🙁
The issue on this has been, that the context of the application was already started. I was able to work around this, and finally the realm can be configured before the context is started again.

Blocking system.exit in OSGi (Part IV)

Hey, I finally made it. After seeking for more help on the felix list (didn’t help any) I got into the problem and solved it. Here is the complete set of what you need to get around the issue of an system.exit in your Bundle.

First of all you need to configure the availability of a SecurityManager with your Framework. Now the following Changes should work both with Equinox and Felix.
The second thing you need to know about is the PermissionAdmin Service Specification.

Configuration using Equinox

Blocking system.exit in osgi (Part III)

Hey, finally Felix is running with security also 🙂
No big changes needed.
As mentioned before the

org/apache/felix/org.apache.felix.security/1.4.0/
org.apache.felix.framework.security-1.4.0.jar=1

is neede within the startup config (Equinox didn’t need this one)
The custom.properties are setup only contain the org.osgi.framework.security=osgi
entry and the system.properties only contain this:

java.security.policy=${karaf.base}/etc/all.policy

java.security.manager

An additional File called security.policy is also added to the etc folder, but somehow the content doesn’t seem to be parsed, even though the SecurityManager of Felix should consume this file.
Anyway here is the content I added to the file:

DENY {
( java.lang.RuntimePermission "exitVM")
}
ALLOW {
( java.security.AllPermission "*" "*")
}

Blocking system.exit in osgi (Part II)

After failing the last time I did some more research on how to get the security manager enabled.
Lukily I found some discussion about this issue on a mailinglist.
I resolved this issue at least with the equinox framework. The Felix didn’t work yet. I will do some more in depth research on this later on.

Now how do we get this SecurityManager running with the Equinox OSGi Container?
We need another parameter specialized for Equinox. So we end up with a custom.properties file that has the following entries:

karaf.framework=equinox

org.osgi.framework.security=osgi

The critical entries are set in the system.properties

java.security.policy=${karaf.base}/etc/all.policy