Tag Archives: osgi

Blocking system.exit in osgi (Part III)

Hey, finally Felix is running with security also 🙂
No big changes needed.
As mentioned before, the

org/apache/felix/org.apache.felix.security/1.4.0/org.apache.felix.framework.security-1.4.0.jar=1

entry is needed in the startup config (Equinox didn't need this one).
The custom.properties is set up to contain only the org.osgi.framework.security=osgi
entry, and the system.properties contains only this:

java.security.policy=${karaf.base}/etc/all.policy

java.security.manager

An additional file called security.policy is also added to the etc folder, but somehow the content doesn't seem to be parsed, even though the SecurityManager of Felix should consume this file.
Anyway here is the content I added to the file:

DENY {
( java.lang.RuntimePermission "exitVM")
}
ALLOW {
( java.security.AllPermission "*" "*")
}

Blocking system.exit in osgi (Part II)

After failing the last time I did some more research on how to get the security manager enabled.
Luckily I found some discussion about this issue on a mailing list.
I resolved this issue at least with the Equinox framework. Felix didn't work yet. I will do some more in-depth research on this later on.

Now how do we get this SecurityManager running with the Equinox OSGi Container?
We need another parameter specialized for Equinox. So we end up with a custom.properties file that has the following entries:

karaf.framework=equinox

org.osgi.framework.security=osgi

The critical entries are set in the system.properties

java.security.policy=${karaf.base}/etc/all.policy

Blocking system.exit in osgi

One thing beforehand: calling System.exit from a bundle is evil!
But even worse is a third-party legacy jar calling System.exit instead of throwing exceptions. Now how do we stop this jar from doing such evil?
The only way you can do this is to use a SecurityManager preventing calls to System.exit. Wow!!!
Now how am I supposed to do something like that in an OSGi world?
This is where the security bundle of Felix comes into play.
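
What a denied exitVM permission does at runtime, as an added example (not code from these posts and not Felix's implementation): a SecurityManager that evaluates an ordered DENY/ALLOW table, first match wins, in the same order as the policy shown in Part III. The names NoExitDemo, Rule, TableSecurityManager and legacyCall are hypothetical, and it assumes JDK 17 to 23, where SecurityManager is deprecated but still present (on 18 to 23 start the JVM with -Djava.security.manager=allow; from JDK 24 System.setSecurityManager always throws UnsupportedOperationException).

```java
import java.security.AllPermission;
import java.security.Permission;
import java.util.List;

public class NoExitDemo {
    // One row of an ordered policy table: the decision and the permission it covers.
    record Rule(boolean allow, Permission perm) {}

    // Same order as the DENY/ALLOW policy in Part III: deny exitVM first, then allow all.
    // RuntimePermission("exitVM") is treated by the JDK as "exitVM.*", so it covers
    // the "exitVM.<status>" permission that System.exit(status) actually checks.
    static final List<Rule> RULES = List.of(
        new Rule(false, new RuntimePermission("exitVM")),
        new Rule(true, new AllPermission()));

    // The first row whose permission implies the requested one decides.
    // With the rows swapped, AllPermission would match first and exit would be allowed.
    static boolean permitted(Permission requested) {
        for (Rule r : RULES) {
            if (r.perm().implies(requested)) return r.allow();
        }
        return false; // no matching row: deny by default
    }

    static class TableSecurityManager extends SecurityManager {
        @Override
        public void checkPermission(Permission p) {
            if (!permitted(p)) throw new SecurityException("denied by policy: " + p);
        }
    }

    // Stand-in for the third-party legacy jar that exits instead of throwing.
    static void legacyCall() { System.exit(1); }

    public static void main(String[] args) {
        System.setSecurityManager(new TableSecurityManager());
        try {
            legacyCall();
        } catch (SecurityException e) {
            // The exit attempt surfaces as an exception the caller can handle.
            System.out.println("exit blocked: " + e.getMessage());
        }
        System.out.println("JVM still running");
    }
}
```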

PAX-Web

I just finished most parts of the issue PAXWEB-210, which I had been working on for about two weeks. While I was working on this issue I saw a lot of code. That is one of the reasons why I was able to fix quite a few bugs. I also added one requested improvement, PAXWEB-193. I needed this to easily add "UserRealm" objects to the server configuration; another way of configuring the pax-web Jetty server is to add a fragment containing the configuration, which I personally dislike. All of the changes can be found on GitHub here. Go ahead and review 🙂