Blocking system.exit in osgi (Part II)

After failing the last time I did some more research on how to get the security manager enabled.
Lukily I found some discussion about this issue on a mailinglist.
I resolved this issue at least with the equinox framework. The Felix didn’t work yet. I will do some more in depth research on this later on.

Now how do we get this SecurityManager running with the Equinox OSGi Container?
We need another parameter specialized for Equinox. So we end up with a custom.properties file that has the following entries:

karaf.framework=equinox

org.osgi.framework.security=osgi

The critical entries are set in the system.properties

java.security.policy=${karaf.base}/etc/all.policy

java.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager

Now we have a security Manager running, but right now no security is checked, since the app.policy file is very small

grant {
permission java.security.AllPermission;
};

There are quite some pitfalls around this issue, that’s probably one of the reasons why everybody is taking doing a big turn around this issue.
Some more insight into this can be founde here

The biggest issue right now is that it is only possible to configure permissions we wan’t to grant, but it is not possible to deny certain permissions.
Either there is a specialty around the OSGi container for that or this is basically it.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.


*